From 5b36bdd6e7a10c8cb1c7c565e50f0d86118da965 Mon Sep 17 00:00:00 2001
From: Gagan Dhakrey <gagandhakrey@Gagans-MacBook-Pro.local>
Date: Sun, 5 Apr 2026 14:29:55 +0530
Subject: [PATCH] Fix native memory leak in SSLFactory cache invalidation and
 resolve buffer offset corruption in EncryptionUtils

---
 .../org/apache/cassandra/security/EncryptionUtils.java     | 3 ++-
 src/java/org/apache/cassandra/security/SSLFactory.java     | 7 ++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/java/org/apache/cassandra/security/EncryptionUtils.java b/src/java/org/apache/cassandra/security/EncryptionUtils.java
index 48868f73c44e..97c37f6f9623 100644
--- a/src/java/org/apache/cassandra/security/EncryptionUtils.java
+++ b/src/java/org/apache/cassandra/security/EncryptionUtils.java
@@ -257,7 +257,8 @@ public int read(ByteBuffer dst) throws IOException
         {
             int readLength = dst.remaining();
             // we should only be performing encrypt/decrypt operations with on-heap buffers, so calling BB.array() should be legit here
-            fileDataInput.readFully(dst.array(), dst.position(), readLength);
+            fileDataInput.readFully(dst.array(), dst.arrayOffset() + dst.position(), readLength);
+            dst.position(dst.position() + readLength);
             return readLength;
         }
 
diff --git a/src/java/org/apache/cassandra/security/SSLFactory.java b/src/java/org/apache/cassandra/security/SSLFactory.java
index be3b66b1a85c..508c8659d67f 100644
--- a/src/java/org/apache/cassandra/security/SSLFactory.java
+++ b/src/java/org/apache/cassandra/security/SSLFactory.java
@@ -233,6 +233,7 @@ private static void checkCachedContextsForReload(boolean forceReload)
      */
     public static void clearSslContextCache()
     {
+        cachedSslContexts.values().forEach(ReferenceCountUtil::release);
         cachedSslContexts.clear();
     }
 
@@ -244,7 +245,11 @@ private static void clearSslContextCache(EncryptionOptions options, List<CacheKe
         cachedSslContexts.forEachKey(1, cacheKey -> {
             if (Objects.equals(options, cacheKey.encryptionOptions))
             {
-                cachedSslContexts.remove(cacheKey);
+                SslContext ctx = cachedSslContexts.remove(cacheKey);
+                if (ctx != null)
+                {
+                    ReferenceCountUtil.release(ctx);
+                }
                 keysToCheck.remove(cacheKey);
             }
         });