JDK-8313657 : com.sun.jndi.ldap.Connection.cleanup does not close connections on SocketTimeoutErrors
  • Type: Bug
  • Component: core-libs
  • Sub-Component: javax.naming
  • Affected Version: 8,11,17,21,22
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2023-08-03
  • Updated: 2025-05-07
  • Resolved: 2023-08-14
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 17 JDK 21 JDK 22 JDK 8
11.0.22-oracleFixed 17.0.10-oracleFixed 21Resolved 22 b11Fixed 8u401Fixed
Related Reports
Relates :  
JDK-8314063 - The socket is not closed in Connection::createSocket when the handshake failed for LDAP connection
Description
com.sun.jndi.ldap.Connection#cleanup does not close underlying socket if the is an IOException generation in the below code.
 
This causes ldap connection build ups that get cleared only during GC.
 
This also causes issues with Ldap SSL Handshakes and causes additional delay . Even after the connection is abandoned by the Ldap client the connection is not closed. Ldap server assumes the server is active and keeps reattempting to complete the handshake for the timeout period (currently set to 300s ) .
 
com.sun.jndi.ldap.Connection#cleanup

void cleanup(Control[] reqCtls, boolean notifyParent) {
660 boolean nparent = false;
 
676 } finally {
677 try {
678 outStream.flush(); // try to perform a flush - that triggers a socket readtimeout .
679 sock.close(); // socket close is not called.
680 unpauseReader();
681 } catch (IOException ie) {
682 if (debug)
683 System.err.println("Connection: problem closing socket: " + ie);
684 }
 
 
Stack Triggering the timeout.
 
 at sun.security.ssl.SSLSocketImpl.access$200(java.base/SSLSocketImpl.java:76)
 at sun.security.ssl.SSLSocketImpl$AppOutputStream.write(java.base/SSLSocketImpl.java:1138)
 at java.io.BufferedOutputStream.flushBuffer(java.base/BufferedOutputStream.java:82)
 at java.io.BufferedOutputStream.flush(java.base/BufferedOutputStream.java:140)
        - locked <0x00000007dd63ea80> (a java.io.BufferedOutputStream)
 at com.sun.jndi.ldap.Connection.cleanup(java.base/Connection.java:678)
        - locked <0x00000007dd63ea98> (a com.sun.jndi.ldap.Connection)
 at com.sun.jndi.ldap.Connection.writeRequest(java.base/Connection.java:453)
 at com.sun.jndi.ldap.Connection.writeRequest(java.base/Connection.java:423)
 at com.sun.jndi.ldap.LdapClient.ldapBind(java.base/LdapClient.java:359)
        - locked <0x00000007dd63eb88> (a com.sun.jndi.ldap.LdapClient)
 at com.sun.jndi.ldap.LdapClient.authenticate(java.base/LdapClient.java:214)
        - locked <0x00000007dd63eb88> (a com.sun.jndi.ldap.LdapClient)
 at com.sun.jndi.ldap.LdapCtx.connect(java.base/LdapCtx.java:2895)
        - locked <0x00000007dd63ebc0> (a java.lang.Object)
 at com.sun.jndi.ldap.LdapCtx.<init>(java.base/LdapCtx.java:348)
 
 
 jdk.JavaExceptionThrow {
  startTime = 19:21:23.192
  message = "Read timed out"
  thrownClass = java.net.SocketTimeoutException (classLoader = bootstrap)
  eventThread = "[STUCK] ExecuteThread: '239' for queue:
'weblogic.kernel.Default (self-tuning)'" (javaThreadId
  stackTrace = [
    java.lang.Throwable.<init>(String) line: 275
    java.lang.Exception.<init>(String) line: 66
    java.io.IOException.<init>(String) line: 58
    java.io.InterruptedIOException.<init>(String) line: 64
    java.net.SocketTimeoutException.<init>(String) line: 43
    java.net.SocketInputStream.socketRead0(FileDescriptor, byte[], int, int, int)
    java.net.SocketInputStream.socketRead(FileDescriptor, byte[], int, int, int) line: 116
    java.net.SocketInputStream.read(byte[], int, int, int) line: 171
    java.net.SocketInputStream.read(byte[], int, int) line: 141
    sun.security.ssl.SSLSocketInputRecord.read(InputStream, byte[], int, int) line: 475
    sun.security.ssl.SSLSocketInputRecord.readHeader() line: 469
    sun.security.ssl.SSLSocketInputRecord.decode(ByteBuffer[], int, int) line: 159
    sun.security.ssl.SSLTransport.decode(TransportContext, ByteBuffer[], int, int, ByteBuffer[], int, int) line
    sun.security.ssl.SSLSocketImpl.decode(ByteBuffer) line: 1320
    sun.security.ssl.SSLSocketImpl.readHandshakeRecord() line: 1233
    sun.security.ssl.SSLSocketImpl.startHandshake(boolean) line: 417
    sun.security.ssl.SSLSocketImpl.ensureNegotiated(boolean) line: 837
    sun.security.ssl.SSLSocketImpl.access$200(SSLSocketImpl, boolean) line: 76
    sun.security.ssl.SSLSocketImpl$AppOutputStream.write(byte[], int, int) line: 1138
    java.io.BufferedOutputStream.flushBuffer() line: 82
    java.io.BufferedOutputStream.flush() line: 140
    com.sun.jndi.ldap.Connection.cleanup(Control[], boolean) line: 678
    com.sun.jndi.ldap.Connection.writeRequest(BerEncoder, int, boolean, int) line: 453
    com.sun.jndi.ldap.Connection.writeRequest(BerEncoder, int, boolean) line: 423
    com.sun.jndi.ldap.LdapClient.ldapBind(String, byte[], Control[], String, boolean) line: 359
    com.sun.jndi.ldap.LdapClient.authenticate(boolean, String, Object, int, String, Control[], Hashtable) line:
    com.sun.jndi.ldap.LdapCtx.connect(boolean) line: 2895
    com.sun.jndi.ldap.LdapCtx.<init>(String, String, int, Hashtable, boolean) line: 348
    com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(String, String, LdapURL, Hashtable) line: 225
    com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(String, Hashtable) line: 189
    com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(String[], Hashtable) line: 243
    com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Object, Hashtable) line: 154
    com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Hashtable) line: 84
    javax.naming.spi.NamingManager.getInitialContext(Hashtable) line: 694
    javax.naming.InitialContext.getDefaultInitCtx() line: 313
    javax.naming.InitialContext.init(Hashtable) line: 244
    javax.naming.ldap.InitialLdapContext.<init>(Hashtable, Control[]) line: 154
Comments
A bug report on this code change at https://mail.openjdk.org/pipermail/security-dev/2025-April/045603.html
07-05-2025
Fix request [11u] I backport this for parity with 11.0.22-oracle. Clean backport. Same with 17 backport. Test passes and fails without the fix. SAP nightly testing passed.
26-09-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk11u-dev/pull/2140 Date: 2023-09-22 08:33:25 +0000
22-09-2023
Fix request [17u] I backport this for parity with 17.0.10-oracle. Low risk, straight forward adding of error support. Clean backport. Test passes and fails without the fix. SAP nightly testing passed.
16-09-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk17u-dev/pull/1740 Date: 2023-09-14 11:46:09 +0000
14-09-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk21u/pull/64 Date: 2023-08-16 14:37:46 +0000
16-08-2023
Changeset: e56d3bc2 Author: Weibing Xiao <weibing.xiao@oracle.com> Committer: Aleksei Efimov <aefimov@openjdk.org> Date: 2023-08-14 17:38:53 +0000 URL: https://git.openjdk.org/jdk/commit/e56d3bc2dab3d32453b6eda66e8434953c436084
14-08-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/15143 Date: 2023-08-03 17:32:43 +0000
04-08-2023