SEC-1520: Enumerator not closed or fully-enumerated #1740

Closed
spring-issuemaster opened this Issue Jul 20, 2010 · 1 comment

1 participant

@spring-issuemaster

Marc Batchelor (Migrated from SEC-1520) said:

1- SpringSecurityLdapTemplate.java, in compare (called by the LDAP password authenticator)

NamingEnumeration results = ctx.search(dn, comparisonFilter, new Object[] {value}, ctls);
return Boolean.valueOf(results.hasMore());

-should be more like this-
NamingEnumeration results = ctx.search(dn, comparisonFilter, new Object[] {value}, ctls);
boolean rtn = Boolean.valueOf(results.hasMore());
try {
results.close();
} catch (NamingException ignored) {
// Ignore naming exception on close.
}
return rtn;

2- DefaultDirContextValidator.validateDirContext has a similar problem, but I think that class has been refactored or eliminated.

@spring-issuemaster

Luke Taylor said:

Thanks, this should be fixed now. NamingEnumerations should be closed automtically when garbage collected, but it should certainly be more efficient to close them as early as possible.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M1 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment