On 2025-04-28 10:22, Osipov, Michael (IN IT IN) wrote:
> Hi folks,
> Hi Max,
>
> please assess the following bug I have found in Java 11+, it does not
exist
> in Java 8. I have tried the following most versions on Azul Zulu/
> OpenJDK: 8, 11, 17, 21, 24 on multiple platforms. Searched JBS as well,
> nothing found.
I was able to debug this and find the cause.
It is a regression from
https://github.com/openjdk/jdk11u/commit/bcac47f00ac6cf511ad7709fb9d39276ac27b049,
introduced with https://bugs.openjdk.org/browse/JDK-8313657.
I can even reproduce this with the HPE JDK 8 for HP-UX, so I guess they
have backported that broken fix.
Connection#flushAndCloseOutputStream() closes the SaslOutputStream()
which disposes the GSS security context and sets it to null. After that
Connection#abandonRequest(LdapRequest, Control[]) is invoked which still
uses the SaslOutputStream:
> synchronized (this) {
> outStream.write(ber.getBuf(), 0, ber.getDataLen());
> outStream.flush();
> }
Andrew,
can you log a bug here?
Michael
