Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8256818

SSLSocket that is never bound or connected leaks socket resources

    XMLWordPrintable

    Details

    • Subcomponent:
    • Introduced In Build:
      b26
    • Introduced In Version:
      13
    • Resolved In Build:
      b27
    • Verification:
      Verified

      Backports

        Description

        There is a flaw in sun.security.ssl.SSLSocketImpl::close() which leads to leaking socket resources after JDK-8224829.

        The close method calls duplexCloseOutput() and duplexCloseInput(). In case of an exception in any of these methods, the call to closeSocket() is bypassed, and the underlying Socket may not be closed.

        This manifests in a real life leak after JDK-8224829 has introduced a call to getSoLinger() on the path of duplexCloseOutput -> closeNotify. If socket impl / OS socket hadn't been created yet it is done at that place. But then after duplexCloseOutput eventually fails with a SocketException since the socket wasn't connected, closing fails to call Socket::close().

        This problem can be reproduced by this code:
        SSLSocket sslSocket = (SSLSocket)SSLSocketFactory.getDefault().createSocket();
        sslSocket.getSSLParameters();
        sslSocket.close();

        This is what happens when SSLContext.getDefault().getDefaultSSLParameters() is called, with close() being eventually called by the finalizer.

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                clanger Christoph Langer
                Reporter:
                clanger Christoph Langer
                Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: