On Wed, 30 Jul 2025 20:20:33 GMT, Weibing Xiao <wx...@openjdk.org> wrote:
> [webrev.zip](https://github.com/user-attachments/files/21517501/webrev.zip) > NPE thrown from SASL GSSAPI impl on Java 11+ when TLS is used with QOP > auth-int against Active Directory. > > When the exception is triggered, LDAP Connection will do "clean-up" operation > and output stream get flushed and closed the context while GssKrb5Client is > still wrapping the message and SaslOuput Stream is writing the content of the > buffer; and at the time GSSContext is disposed and it is null. That's the > reason to throw NPE. > > 1) Check if the context is null or not; then wrap the NPE. The change is done > in GssKrb5Base.java > > No test file is attached for this MR since it needs Sasl LDAP server with > security setup. Attached webrev for the reference. I can not revert the previous change. It will close the unused sockets in JVM before next GC to clean them. Once simple fix in application cod for this NPE is increasing buffer size by setting javax.security.sasl.maxbuffer in the context to overwrite the hard coded buffer size in AbstractSaslImpl.java. This NPE is more or less related to the timing. The context was cleared earlier than output stream got flush, but the later code is actually running earlier, but completed later. ------------- PR Comment: https://git.openjdk.org/jdk/pull/26566#issuecomment-3211690268
