On Wed, 30 Jul 2025 20:20:33 GMT, Weibing Xiao <[email protected]> wrote:
> [webrev.zip](https://github.com/user-attachments/files/22605072/webrev.zip) > NPE thrown from SASL GSSAPI impl when TLS is used with QOP auth-int against > Active Directory. > > When the exception is triggered, LDAP Connection will do "clean-up" operation > and output stream get flushed and closed the context while GssKrb5Client is > still wrapping the message, and tried to send the abandoned info to the > client at line > https://github.com/openjdk/jdk/blob/master/src/jdk.security.jgss/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Base.java#L140. > That's the reason to throw NPE. > > The change is going to close socket and output stream in LdapClient.java. It > would allow SASL client code to send the abandoned request to client; then > dispose GSS context. This will avoid NPE to thrown at line 140 of > GssKrb5Base.java. > > No test file is attached for this MR since it needs Sasl LDAP server with > security setup. Attached the updated webrev for the reference. This pull request has been closed without being integrated. ------------- PR: https://git.openjdk.org/jdk/pull/26566
