RFR: 8344220: Remove calls to SecurityManager and doPrivileged in java.net.InetAddress and sun.net.util.IPAddressUtil after JEP 486 integration
Aleksei Efimov
aefimov at openjdk.org
Tue Nov 26 12:26:36 UTC 2024
On Tue, 26 Nov 2024 10:17:06 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:
> Should we clean up the comment in `InetAddressCachePolicy.checkValue()` which says:
>
> ```
> /*
> * If malicious code gets a hold of this method, prevent
> * setting the cache policy to something laxer or some
> * invalid negative value.
> */
> ```
>
> Perhaps change that comment to just say:
>
> ```
> // prevent setting the cache policy to something laxer
> // or some invalid negative value.
> ```
>
> That private method currently throws a `SecurityException` if the value being updated is rejected. Should it throw some other exception instead?
Nice spot Jaikiran. Instead of changing comments and changing the exception type we could just remove the `setIfNotSet` , `setNegativeIfNotSet` and `checkValue` methods given that the `InetAddressCachePolicy` class is not used by modules it is exported to, and not used by any test.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/22376#issuecomment-2500659802
More information about the net-dev
mailing list