4 files changed, 49 insertions, 4 deletions

diff --git a/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_OpenSSLServerSocketImpl.cpp b/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_OpenSSLServerSocketImpl.cpp
index 13a1e61..bb5e3b7 100644
--- a/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_OpenSSLServerSocketImpl.cpp
+++ b/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_OpenSSLServerSocketImpl.cpp
@@ -87,9 +87,9 @@ static void org_apache_harmony_xnet_provider_jsse_OpenSSLServerSocketImpl_init(J
     // 'seed == null' when no SecureRandom Object is set
     // in the SSLContext.
     if (seed != NULL) {
-        jboolean iscopy = JNI_FALSE;
-        jbyte* randseed = env->GetByteArrayElements(seed, &iscopy);
+        jbyte* randseed = env->GetByteArrayElements(seed, NULL);
         RAND_seed((unsigned char*) randseed, 1024);
+        env->ReleaseByteArrayElements(seed, randseed, 0);
     } else {
         RAND_load_file("/dev/urandom", 1024);
     }
diff --git a/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_OpenSSLSocketImpl.cpp b/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_OpenSSLSocketImpl.cpp
index 87f2af3..1b0feeb 100644
--- a/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_OpenSSLSocketImpl.cpp
+++ b/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_OpenSSLSocketImpl.cpp
@@ -989,9 +989,9 @@ static void org_apache_harmony_xnet_provider_jsse_OpenSSLSocketImpl_init(JNIEnv*
     // 'seed == null' when no SecureRandom Object is set
     // in the SSLContext.
     if (seed != NULL) {
-        jboolean iscopy = JNI_FALSE;
-        jbyte* randseed = env->GetByteArrayElements(seed, &iscopy);
+        jbyte* randseed = env->GetByteArrayElements(seed, NULL);
         RAND_seed((unsigned char*) randseed, 1024);
+        env->ReleaseByteArrayElements(seed, randseed, 0);
     } else {
         RAND_load_file("/dev/urandom", 1024);
     }
diff --git a/x-net/src/test/java/tests/api/javax/net/ssl/SSLServerSocketTest.java b/x-net/src/test/java/tests/api/javax/net/ssl/SSLServerSocketTest.java
index 3c1fb2e..c4bae0a 100644
--- a/x-net/src/test/java/tests/api/javax/net/ssl/SSLServerSocketTest.java
+++ b/x-net/src/test/java/tests/api/javax/net/ssl/SSLServerSocketTest.java
@@ -32,6 +32,7 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.net.InetAddress;
 import java.security.KeyStore;
+import java.security.SecureRandom;
 
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
@@ -585,4 +586,26 @@ public class SSLServerSocketTest extends TestCase {
                 .createServerSocket();
         return sss;
     }
+    
+    @TestTargetNew(
+        level = TestLevel.COMPLETE,
+        notes = "Guard against native resource leakage.",
+        method = "SSLSocket",
+        args = {}
+    )
+    public void test_creationStressTest() throws Exception {
+        KeyManager[] keyManagers = getKeyManagers();
+        // Test the default codepath, which uses /dev/urandom.
+        SSLContext sslContext = SSLContext.getInstance("TLS");
+        sslContext.init(keyManagers, null, null);
+        for (int i = 0; i < 2048; ++i) {
+            sslContext.getServerSocketFactory().createServerSocket();
+        }
+        
+        // Test the other codepath, which copies a seed from a byte[].
+        sslContext.init(keyManagers, null, new SecureRandom());
+        for (int i = 0; i < 2048; ++i) {
+            sslContext.getServerSocketFactory().createServerSocket();
+        }
+    }
 }
diff --git a/x-net/src/test/java/tests/api/javax/net/ssl/SSLSocketTest.java b/x-net/src/test/java/tests/api/javax/net/ssl/SSLSocketTest.java
index 5e39cb1..13a0e59 100644
--- a/x-net/src/test/java/tests/api/javax/net/ssl/SSLSocketTest.java
+++ b/x-net/src/test/java/tests/api/javax/net/ssl/SSLSocketTest.java
@@ -26,6 +26,7 @@ import javax.security.cert.X509Certificate;
 
 import java.net.*;
 import java.security.KeyStore;
+import java.security.SecureRandom;
 import java.lang.String;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
@@ -336,6 +337,27 @@ public class SSLSocketTest extends TestCase {
         }
     }
     
+    @TestTargetNew(
+        level = TestLevel.COMPLETE,
+        notes = "Guard against native resource leakage.",
+        method = "SSLSocket",
+        args = {}
+    )
+    public void test_creationStressTest() throws Exception {
+        // Test the default codepath, which uses /dev/urandom.
+        SSLContext sslContext = SSLContext.getInstance("TLS");
+        sslContext.init(null, null, null);
+        for (int i = 0; i < 2048; ++i) {
+            sslContext.getSocketFactory().createSocket();
+        }
+        
+        // Test the other codepath, which copies a seed from a byte[].
+        sslContext.init(null, null, new SecureRandom());
+        for (int i = 0; i < 2048; ++i) {
+            sslContext.getSocketFactory().createSocket();
+        }
+    }
+    
     /**
      * @throws IOException 
      * @tests javax.net.ssl.SSLSocket#addHandshakeCompletedListener(HandshakeCompletedListener listener)