On Wed, 30 Jul 2025 20:20:33 GMT, Weibing Xiao <wx...@openjdk.org> wrote:
> [webrev.zip](https://github.com/user-attachments/files/21517501/webrev.zip) > NPE thrown from SASL GSSAPI impl on Java 11+ when TLS is used with QOP > auth-int against Active Directory. > > When the exception is triggered, LDAP Connection will do "clean-up" operation > and output stream get flushed and closed the context while GssKrb5Client is > still wrapping the message and SaslOuput Stream is writing the content of the > buffer; and at the time GSSContext is disposed and it is null. That's the > reason to throw NPE. > > 1) Check if the context is null or not; then wrap the NPE. The change is done > in GssKrb5Base.java > > No test file is attached for this MR since it needs Sasl LDAP server with > security setup. Attached webrev for the reference. Since this fix in the security-libs area, I think the component and subcomponent should be changed to security-libs/javax.security. Also, please add a "noreg-hard" label to the bug with a comment explaining why it is too hard to write a regression test. ------------- PR Comment: https://git.openjdk.org/jdk/pull/26566#issuecomment-3205967533
