RFR: JDK-8300416 java.security.MessageDigestSpi clone can result in thread-unsafe clones [v2]

Sean Mullan mullan at openjdk.org
Thu Feb 2 22:12:40 UTC 2023


On Thu, 2 Feb 2023 15:32:14 GMT, Mark Powers <mpowers at openjdk.org> wrote:

>> https://bugs.openjdk.org/browse/JDK-8300416
>
> Mark Powers has updated the pull request incrementally with one additional commit since the last revision:
> 
>   copyright

src/java.base/share/classes/java/security/MessageDigestSpi.java line 208:

> 206:     public Object clone() throws CloneNotSupportedException {
> 207:         if (this instanceof Cloneable) {
> 208:             var o = super.clone();

You could instead cast the return value of `super.clone` to `MessageDigestSpi` and avoid the casts below.

-------------

PR: https://git.openjdk.org/jdk/pull/12348



More information about the security-dev mailing list