RFR JDK-8134364: Add defensive copies to get/set methods for OCSPNonceExtension
Sean Mullan
sean.mullan at oracle.com
Tue Aug 25 13:40:41 UTC 2015
Is it necessary for the class to implement CertAttrSet? I realize all of
the internal X.509 extensions implement that, but that was done a long
time ago and not something we really want to carry forward if not
needed. I think it would be cleaner not to do that as it would more
easily allow you to make the class immutable, and would allow you to
remove the set method.
Thanks,
Sean
On 08/25/2015 04:14 AM, Xuelei Fan wrote:
> OCSPNonceExtension.java
> =======================
> - nonceData = (byte[])obj;
> + nonceData = ((byte[])obj).clone();
>
> Do you want to check null obj?
>
> - return nonceData;
> + return (nonceData != null ? nonceData.clone() : null);
>
> I think you may want to enclose the "!=" operator as:
>
> + return (nonceData != null) ? nonceData.clone() : null;
>
>
> Xuelei
>
> On 8/25/2015 12:55 PM, Jamil Nimeh wrote:
>> Hi all,
>>
>> This is a quick fix to the OCSPNonceExtension class to add a couple
>> defensive copies to public get/set methods.
>>
>> JBS Bug: https://bugs.openjdk.java.net/browse/JDK-8134364
>> Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8134364/webrev.00
>>
>> Thanks,
>> --Jamil
>
More information about the security-dev
mailing list