Code review request: 8021789: jarsigner parses alias as command line option (depending on locale)
Vincent Ryan
vincent.x.ryan at oracle.com
Thu Aug 1 11:05:44 UTC 2013
Your fix looks fine.
On 31 Jul 2013, at 08:04, Weijun Wang wrote:
> Hi All
>
> Please review the fix at
>
> http://cr.openjdk.java.net/~weijun/8021789/webrev.00/
>
> The problem is that jarsigner uses Collator::compare to check for command line options, and if that Collator uses Collator.PRIMARY as strength it treats "-debug" and "debug" the same (in some locales?). I have no idea how people depend on other features of Collator.PRIMARY, so I move the filename/alias check to the beginning of the long if block.
>
> Also I fixed a small bug on empty argument. Of course, an empty argument is always useless but StringIndexOutOfBoundsException is not a friendly response.
>
> Thanks
> Max
More information about the security-dev
mailing list