RFR: 7065228: To interpret case-insensitive string locale independently [v2]
Michael McMahon
michaelm at openjdk.org
Fri May 19 11:26:52 UTC 2023
On Wed, 17 May 2023 13:53:55 GMT, Darragh Clarke <duke at openjdk.org> wrote:
>> Updated instances of `toLowerCase` and `toUpperCase` in several net and io files to specify `Locale.ROOT` to ensure that case conversion issues don't occur,
>>
>> I didn't add any new tests but ran tier 1-3 with no issues
>
> Darragh Clarke has updated the pull request incrementally with two additional commits since the last revision:
>
> - Update src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java
>
> Co-authored-by: Daniel Jelinski <djelinski1 at gmail.com>
> - removed StreamTokenizer changes, will make seperate ticket for those
Seems like a useful change and I can see how issues could arise if strings were stored somewhere after being upper/lower cased and then reused in a different locale.
Is it correct to say that the assumption is these strings are all supposed to be US ASCII (eg protocol defined identifiers, or hostnames etc) rather than user generated text strings? That seems to be the case as far as I can see.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/14006#issuecomment-1554431858
More information about the security-dev
mailing list