JGSS: Fix dispose() races

src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSCredElement.java

@@ -25,6 +25,7 @@
 package sun.security.jgss.wrapper;
 
 import org.ietf.jgss.*;
+import java.lang.ref.Reference;
 import java.security.Provider;
 import java.util.Map;
 import java.util.List;
@@ -41,6 +42,7 @@
  */
 public class GSSCredElement implements GSSCredentialSpi {
 
+    private final Object lock;
     private int usage;
     long pCred; // Pointer to the gss_cred_id_t structure
     private GSSNameElement name = null;
@@ -73,6 +75,7 @@ void doServicePermCheck() throws GSSException {
     // Warning: called by NativeUtil.c
     GSSCredElement(long pCredentials, GSSNameElement srcName, Oid mech)
         throws GSSException {
+        lock = new Object();
         pCred = pCredentials;
         cStub = GSSLibStub.getInstance(mech);
         usage = GSSCredential.INITIATE_ONLY;
@@ -82,6 +85,7 @@ void doServicePermCheck() throws GSSException {
     private GSSCredElement(GSSNameElement name, String password,
                            Map<String,String> store, int lifetime, int usage,
                            GSSLibStub stub) throws GSSException {
+        lock = new Object();
         cStub = stub;
         this.usage = usage;
 
@@ -127,10 +131,14 @@ public Provider getProvider() {
     }
 
     public void dispose() throws GSSException {
-        name = null;
-        if (pCred != 0) {
-            pCred = cStub.releaseCred(pCred);
+        /* XXX In newer OpenJDK releases we use Cleaner instead */
+        synchronized (lock) {
+            name = null;
+            if (pCred != 0) {
+                pCred = cStub.releaseCred(pCred);
+            }
         }
+        Reference.reachabilityFence(this);
     }
 
     public GSSNameElement getName() throws GSSException {

src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSNameElement.java

@@ -26,6 +26,7 @@
 package sun.security.jgss.wrapper;
 
 import org.ietf.jgss.*;
+import java.lang.Reference;
 import java.security.Provider;
 import java.security.Security;
 import java.io.IOException;
@@ -50,6 +51,7 @@
 public class GSSNameElement implements GSSNameSpi {
 
     long pName = 0; // Pointer to the gss_name_t structure
+    private final Object lock;
     private String printableName;
     private Oid printableType;
     private Oid mech;
@@ -94,10 +96,12 @@ private static Oid getNativeNameType(Oid nameType, GSSLibStub stub) {
     }
 
     private GSSNameElement() {
+        lock = new Object();
         printableName = "<DEFAULT ACCEPTOR>";
     }
 
     GSSNameElement(long pNativeName, Oid mech, GSSLibStub stub) throws GSSException {
+        lock = new Object();
         assert(stub != null);
         if (pNativeName == 0) {
             throw new GSSException(GSSException.BAD_NAME);
@@ -111,6 +115,7 @@ private GSSNameElement() {
 
     GSSNameElement(byte[] nameBytes, Oid nameType, GSSLibStub stub)
         throws GSSException {
+        lock = new Object();
         assert(stub != null);
         if (nameBytes == null) {
             throw new GSSException(GSSException.BAD_NAME);
@@ -320,10 +325,14 @@ public boolean isDefaultCredentialName() {
     }
 
     public void dispose() {
-        if (pName != 0) {
-            cStub.releaseName(pName);
-            pName = 0;
+        /* XXX In newer OpenJDK releases we use Cleaner instead */
+        synchronized (lock) {
+            if (pName != 0) {
+                cStub.releaseName(pName);
+                pName = 0;
+            }
         }
+        Reference.reachabilityFence(this);
     }
 
     @SuppressWarnings("deprecation")

src/java.security.jgss/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java

@@ -26,6 +26,7 @@
 package sun.security.jgss.wrapper;
 
 import org.ietf.jgss.*;
+import java.lang.ref.Reference;
 import java.security.Provider;
 import sun.security.jgss.GSSHeader;
 import sun.security.jgss.GSSUtil;
@@ -59,6 +60,8 @@ class NativeGSSContext implements GSSContextSpi {
 
     private static final int NUM_OF_INQUIRE_VALUES = 6;
 
+    private final Object lock;
+
     // Warning: The following 9 fields are used by NativeUtil.c
     private long pContext = 0; // Pointer to the gss_ctx_id_t structure
     private GSSNameElement srcName;
@@ -189,6 +192,7 @@ private byte[] retrieveToken(InputStream is, int mechTokenLen)
     // Constructor for context initiator
     NativeGSSContext(GSSNameElement peer, GSSCredElement myCred,
                      int time, GSSLibStub stub) throws GSSException {
+        lock = new Object();
         if (peer == null) {
             throw new GSSException(GSSException.FAILURE, 1, "null peer");
         }
@@ -213,6 +217,7 @@ private byte[] retrieveToken(InputStream is, int mechTokenLen)
     // Constructor for context acceptor
     NativeGSSContext(GSSCredElement myCred, GSSLibStub stub)
         throws GSSException {
+        lock = new Object();
         cStub = stub;
         cred = myCred;
         disposeCred = null;
@@ -233,6 +238,7 @@ private byte[] retrieveToken(InputStream is, int mechTokenLen)
     // Constructor for imported context
     // Warning: called by NativeUtil.c
     NativeGSSContext(long pCtxt, GSSLibStub stub) throws GSSException {
+        lock = new Object();
         assert(pContext != 0);
         pContext = pCtxt;
         cStub = stub;
@@ -378,10 +384,14 @@ public void dispose() throws GSSException {
         srcName = null;
         targetName = null;
         delegatedCred = null;
-        if (pContext != 0) {
-            pContext = cStub.deleteContext(pContext);
-            pContext = 0;
+        /* XXX In newer OpenJDK releases we use Cleaner instead */
+        synchronized (lock) {
+            if (pContext != 0) {
+                pContext = cStub.deleteContext(pContext);
+                pContext = 0;
+            }
         }
+        Reference.reachabilityFence(this);
     }
 
     public int getWrapSizeLimit(int qop, boolean confReq,