RFR: 8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
Hai-May Chao
hchao at openjdk.org
Fri Jul 28 19:16:51 UTC 2023
On Fri, 28 Jul 2023 16:48:36 GMT, Mark Powers <mpowers at openjdk.org> wrote:
>> JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
>
> src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java line 852:
>
>> 850: Integer tmp = GetIntegerAction.privilegedGetProperty(
>> 851: "jdk.jar.maxSignatureFileSize", 16000000);
>> 852: if (tmp < 0 || tmp > MAX_ARRAY_SIZE) {
>
> Can't `tmp` be `null`? After all, it is an `Integer` object. The rest of your code changes look fine to me.
`tmp` will not be null. `GetIntegerAction.privilegedGetProperty()` will return the default value when jdk.jar.maxSignatureFileSize=null
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15072#discussion_r1277995474
More information about the security-dev
mailing list