RFR: 8286779: javax.crypto.CryptoPolicyParser#isConsistent always returns 'true' [v2]
Sean Mullan
mullan at openjdk.java.net
Thu Jun 9 21:08:05 UTC 2022
On Tue, 7 Jun 2022 20:52:33 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> Please review a small fix in CryptoPolicyParser class that it should not pass “processedPermissions” parameter by value.
>> Ran MACH5 tier1 and tier2 without failures.
>
> Hai-May Chao has updated the pull request incrementally with two additional commits since the last revision:
>
> - Inconsistent entries test
> - Inconsistent entries test
src/java.base/share/classes/javax/crypto/CryptoPolicyParser.java line 202:
> 200: if (!processedPermissions.isEmpty()) {
> 201: throw new ParsingException(st.lineno(), "Inconsistent policy");
> 202: }
Instead of setting the `allPermEntryFound` flag, what if you instead put an entry for `CryptoAllPermission.ALG_NAME` in `processedPermissions` here. Then if there are more entries after this, I think `isConsistent` will catch it in the following code:
if (processedPermissions.containsKey(CryptoAllPermission.ALG_NAME)) {
return false;
}
-------------
PR: https://git.openjdk.org/jdk/pull/8985
More information about the security-dev
mailing list