RFR: 8282309: Operation before upper case conversion
Bradford Wetmore
wetmore at openjdk.java.net
Wed Feb 23 18:31:02 UTC 2022
On Wed, 23 Feb 2022 16:08:49 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
> In the TlsChannelBinding.java implementation, the string operation is placed before the case conversion. The behavior may not be expected.
>
>
> String hashAlg = serverCertificate.getSigAlgName().
> - replace("SHA", "SHA-").toUpperCase(Locale.ENGLISH);
> + toUpperCase(Locale.ENGLISH).replace("SHA", "SHA-");
>
>
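Review bot: On the `+` line, `replace("SHA", "SHA-")` still runs unconditionally after the upper-casing, so a name returned by `getSigAlgName()` that already contains "SHA-" would come out with a doubled hyphen ("SHA--"). Consider inserting the hyphen only when it is not already present, and add a regression test that feeds a lower-case or mixed-case algorithm name, since that is the input the reordering changes the result for and nothing in this hunk exercises it.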
> See also [Bernd Eckenfels](mailto:ecki at zusammenkunft.net)'s comment in [PR 7583](https://github.com/openjdk/jdk/pull/7583)
Checking other java.security.*/sun.security.* components outside JSSE would be a good idea, but this particular change looks good to me also.
-------------
Marked as reviewed by wetmore (Reviewer).
PR: https://git.openjdk.java.net/jdk/pull/7592