Patch for JDK-6695402: Jarsigner with multi-byte characters in class names

Weijun Wang at
Tue Sep 26 07:51:27 UTC 2017

> On Sep 26, 2017, at 1:37 PM, Philipp Kunz <philipp.kunz at> wrote:
> Hi Max
> This time I got it with readAllBytes. Thank you for the hint.
> Apparently, UTF characters are allowed in source code, particularly in identifiers here, which also has caused the bug. Even if only for sending patches around I changed it and was surprised to see escaping working not only in strings but also in identifiers.


I've submitted your change to our testing server. Once it's OK, I'll push the changeset.

I assume "Contributed-by: Philipp Kunz <philipp.kunz at>" is good.

BTW, there are several TAB chars and trailing spaces in your patch. I've removed them.

Thanks for your contribution.


> When I had another look at the test I came to the conclusion that it does not need what has been named refClassFileName before. The purpose of the test is only to check a signature of a class with a     two byte character in its name and not at the same time to verify that if that test failed it is specifically because of the name. If it fails there is a problem no matter why. In the beginning it was handy to see the difference but I don't think it should be kept and maintained so I removed it. For the update signature case a second file to sign is still required though.
> I considered multi-byte a one word before but now I also prefer it with a capital b. Anyway, this name might not be the best choice and I changed it to LineBrokenMultiByteCharacter.
> See attached patch.
> Regards,
> Philipp

More information about the security-dev mailing list