JDK-8315422 : getSoTimeout() would be in try block in SSLSocketImpl
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: openjdk8u332,11.0.15,17.0.3,20,21
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2023-08-31
  • Updated: 2024-08-02
  • Resolved: 2023-08-31
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 17 JDK 21 JDK 22 JDK 8
11.0.25-oracleFixed 17.0.13-oracleFixed 21.0.5-oracleFixed 22 b14Fixed 8u431Fixed
Related Reports
Blocks :  
JDK-8274524 - SSLSocket.close() hangs if it is called during the ssl handshake
Relates :  
JDK-8274524 - SSLSocket.close() hangs if it is called during the ssl handshake
Description
The method SSLSocketImpl::closeSocket has the below code snippet,

if (appInput.readLock.tryLock()) {
    int soTimeout = getSoTimeout();
    try {
        // deplete could hang on the skip operation
        // in case of infinite socket read timeout.
        // Change read timeout to avoid deadlock.
        // This workaround could be replaced later
        // with the right synchronization
        if (soTimeout == 0)
            setSoTimeout(DEFAULT_SKIP_TIMEOUT);
        inputRecord.deplete(false);
    } catch (java.net.SocketTimeoutException stEx) {
        // skip timeout exception during deplete
    } finally {
        if (soTimeout == 0)
            setSoTimeout(soTimeout);
        appInput.readLock.unlock();
    }
}

If getSoTimeout() throws an exception, say SocketException, appInput.readLock.unlock() cannot be called.
Comments
jdk11u-dev backport request I would like to have the patch in jdk11u-dev as well, for parity with OracleJDK. The backport needs small adjustments (instanceof usage) in 11 and is low to medium risk.
21-07-2024
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk11u-dev/pull/2869 Date: 2024-07-19 14:04:37 +0000
19-07-2024
jdk17u-dev backport request I would like to have the patch in jdk17u-dev as well, for parity with OracleJDK. The backport is clean and low risk.
18-07-2024
jdk21u-dev backport request I would like to have the patch in jdk21u-dev as well, for parity with OracleJDK. The backport is clean and low risk.
18-07-2024
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk17u-dev/pull/2722 Date: 2024-07-17 11:58:24 +0000
17-07-2024
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk21u-dev/pull/849 Date: 2024-07-17 11:56:54 +0000
17-07-2024
This bug is a part of the JSSE and the component is security-libs. Updated back to security-libs for easy tracking.
16-07-2024
setSoTimeout() also can throws SocketException,If setSoTimeout () throws an exception, say SocketException, appInput.readLock.unlock() cannot be called.
07-10-2023
Seems to be introduced by JDK-8274524, which got backported to previous releases too.
01-09-2023
Changeset: 2264667b Author: John Jiang <jjiang@openjdk.org> Date: 2023-08-31 22:26:48 +0000 URL: https://git.openjdk.org/jdk/commit/2264667bba2311b568257a933813fa76a9e75313
31-08-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/15503 Date: 2023-08-31 02:34:58 +0000
31-08-2023