RFR: 7065228: To interpret case-insensitive string locale independently [v2]

Michael McMahon michaelm at openjdk.org
Fri May 19 11:26:52 UTC 2023


On Wed, 17 May 2023 13:53:55 GMT, Darragh Clarke <duke at openjdk.org> wrote:

>> Updated instances of `toLowerCase` and `toUpperCase` in several net and io files to specify `Locale.ROOT` to ensure that case conversion issues don't occur.
>> 
>> I didn't add any new tests but ran tier 1-3 with no issues.
>
> Darragh Clarke has updated the pull request incrementally with two additional commits since the last revision:
> 
>  - Update src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java
>    
>    Co-authored-by: Daniel Jelinski <djelinski1 at gmail.com>
>  - removed StreamTokenizer changes, will make separate ticket for those

Seems like a useful change and I can see how issues could arise if strings were stored somewhere after being upper/lower cased and then reused in a different locale. 

Is it correct to say that the assumption is these strings are all supposed to be US ASCII (e.g. protocol-defined identifiers, or hostnames, etc.) rather than user-generated text strings? That seems to be the case as far as I can see.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/14006#issuecomment-1554431858
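
The scenario discussed in this thread, as an added example that is not code from the pull request or the JDK: ASCII identifiers are lower-cased and stored under one default locale, then looked up under a Turkish default locale, where `I` lower-cases to U+0131 instead of `i`. The class name `LocaleCaseDemo` and the sample tokens are constructed for illustration.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

public class LocaleCaseDemo {
    public static void main(String[] args) {
        // Constructed sample tokens: ASCII protocol-style identifiers.
        // "NTLM" contains no 'I' and serves as a control.
        String[] tokens = {"DIGEST", "WWW-AUTHENTICATE", "IDENTITY", "NTLM"};
        Locale saved = Locale.getDefault();
        try {
            // Keys are normalised while the default locale is English.
            Locale.setDefault(Locale.ENGLISH);
            Map<String, String> stored = new HashMap<>();
            for (String t : tokens) {
                stored.put(t.toLowerCase(), t);   // locale-sensitive overload
            }

            // Later the same identifiers are looked up under a Turkish default locale.
            Locale.setDefault(Locale.forLanguageTag("tr-TR"));
            for (String t : tokens) {
                String viaDefault = t.toLowerCase();           // uses Locale.getDefault()
                String viaRoot = t.toLowerCase(Locale.ROOT);   // locale-independent
                boolean asciiOnly = viaDefault.chars().allMatch(c -> c < 128);
                System.out.printf(
                        "%-17s default-locale hit=%-5b ROOT hit=%-5b default result ASCII-only=%b%n",
                        t,
                        stored.containsKey(viaDefault),
                        stored.containsKey(viaRoot),
                        asciiOnly);
            }
        } finally {
            // Restore the JVM-wide default so the demo has no lasting side effect.
            Locale.setDefault(saved);
        }
    }
}
```

Tokens containing `I` miss the lookup when normalised with the default-locale overload, while the `Locale.ROOT` form matches regardless of the JVM's default locale.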

