From ae781ae3d8c863ab2ff4a97cb6c6e2a5fdbe2d89 Mon Sep 17 00:00:00 2001 From: Robert Merget Date: Tue, 24 Mar 2026 15:48:05 +0400 Subject: [PATCH] Fix: disable JarURLConnection caching to prevent shared JarFile handle issues getJarFile() returns a shared, cached JarFile instance by default. When one caller closes it via try-with-resources, concurrent callers that received the same cached instance fail with "zip file closed". Setting setUseCaches(false) before getJarFile() ensures each JarURLConnection opens its own independent JarFile instance. Fixes: https://github.com/tls-attacker/TLS-Scanner-Development/issues/772 Co-Authored-By: Claude Sonnet 4.6 --- .../java/de/rub/nds/scanner/core/guideline/GuidelineIO.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/main/java/de/rub/nds/scanner/core/guideline/GuidelineIO.java b/src/main/java/de/rub/nds/scanner/core/guideline/GuidelineIO.java index 984e7e7a..0333b90a 100644 --- a/src/main/java/de/rub/nds/scanner/core/guideline/GuidelineIO.java +++ b/src/main/java/de/rub/nds/scanner/core/guideline/GuidelineIO.java @@ -89,8 +89,12 @@ private static List listXmlFiles(ClassLoader classLoader, String folder) .forEach(p -> xmlFilePaths.add(folder + "/" + p.getFileName().toString())); } } else if ("jar".equals(protocol)) { - // Running from a jar + // Running from a jar. Disable caching so each connection opens its own + // JarFile instance; the default cached instance is shared across threads + // and closing it (via try-with-resources) causes "zip file closed" errors + // in concurrent callers. JarURLConnection jarConnection = (JarURLConnection) url.openConnection(); + jarConnection.setUseCaches(false); try (JarFile jarFile = jarConnection.getJarFile()) { Enumeration entries = jarFile.entries(); while (entries.hasMoreElements()) {