  1. HttpComponents HttpClient
  2. HTTPCLIENT-1938

OS resources leak in HttpAuthenticator/WindowsNegotiateScheme


Details

    Description

      I've discovered a resource leak in the HTTP authentication process on Windows when the Negotiate method is used. It manifests itself as a slow memory leak in the lsass.exe process. Every time a Negotiate authentication is performed, a handle to the client credentials and a handle to the security context are leaked. The direct reason for it is that the dispose() method from the WindowsNegotiateScheme class is never called.
      As far as I understand the interaction between HttpAuthenticator and WindowsNegotiateScheme, it is caused by HttpAuthenticator not processing the final authentication header, as it goes directly to the SUCCESS state. Without processing the final authentication header, the WindowsNegotiateScheme class doesn't have a chance to complete security context initialisation, which is the cause for not releasing OS resources.
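
      A minimal Java model of the leak described above, added here as an illustration; it is not HttpClient source and not the reporter's code. All class and method names are hypothetical, and an integer counter stands in for the two OS handles. It contrasts cleanup that depends on seeing the final token with cleanup bound to the scope of the exchange.

```java
import java.util.concurrent.atomic.AtomicInteger;
// Simplified model of the reported leak. Not HttpClient source: every name here is hypothetical.
public class NegotiateLeakModel {
    // Stands in for the OS handles whose leak the report observes in lsass.exe.
    static final AtomicInteger OPEN_HANDLES = new AtomicInteger();

    static final class ModelNegotiateScheme implements AutoCloseable {
        private boolean disposed;
        ModelNegotiateScheme() {
            OPEN_HANDLES.addAndGet(2); // credentials handle + security context handle
        }
        // As in the report, cleanup is tied to the scheme seeing the final server token.
        void processChallenge(String token, boolean finalToken) {
            if (finalToken) close();
        }
        @Override
        public void close() { // idempotent, so an explicit dispose plus scope exit is safe
            if (!disposed) {
                disposed = true;
                OPEN_HANDLES.addAndGet(-2);
            }
        }
    }

    // Reported flow: the success response carries a final token, but the authenticator
    // moves to SUCCESS without handing it to the scheme, so close() is never reached.
    static void reportedFlow() {
        ModelNegotiateScheme scheme = new ModelNegotiateScheme();
        scheme.processChallenge("constructed-server-token", false);
    }

    // Defensive flow: release is bound to the exchange's scope, not to the final header.
    static void scopedFlow() {
        try (ModelNegotiateScheme scheme = new ModelNegotiateScheme()) {
            scheme.processChallenge("constructed-server-token", false);
        }
    }

    static int handlesLeftOpen(Runnable flow, int exchanges) {
        int before = OPEN_HANDLES.get();
        for (int i = 0; i < exchanges; i++) flow.run();
        return OPEN_HANDLES.get() - before;
    }

    public static void main(String[] args) {
        System.out.println("reported flow: " + handlesLeftOpen(NegotiateLeakModel::reportedFlow, 1000));
        System.out.println("scoped flow:   " + handlesLeftOpen(NegotiateLeakModel::scopedFlow, 1000));
    }
}
```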

          People

            Unassigned
            Marcin Krystianc (marcin.krystianc)