Integrated: 8282309: Operation before upper case conversion
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Wed Feb 23 18:36:51 UTC 2022
On Wed, 23 Feb 2022 16:08:49 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
> In the TlsChannelBinding.java implementation, the string operation is placed before the case conversion. The behavior may be not expected.
>
>
> String hashAlg = serverCertificate.getSigAlgName().
> - replace("SHA", "SHA-").toUpperCase(Locale.ENGLISH);
> + toUpperCase(Locale.ENGLISH).replace("SHA", "SHA-");
>
>
> See also [Bernd Eckenfels](mailto:ecki at zusammenkunft.net) comment in [PR 7583](https://github.com/openjdk/jdk/pull/7583)
This pull request has now been integrated.
Changeset: 7dc7184c
Author: Xue-Lei Andrew Fan <xuelei at openjdk.org>
URL: https://git.openjdk.java.net/jdk/commit/7dc7184c10fc8f7a02113056da979a9846a14cd4
Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
8282309: Operation before upper case conversion
Reviewed-by: valeriep, wetmore
-------------
PR: https://git.openjdk.java.net/jdk/pull/7592
More information about the security-dev
mailing list