RFR: 8298420: PEM API: Implementation (Preview) [v17]
Anthony Scarpino
ascarpino at openjdk.org
Sun May 11 19:03:02 UTC 2025
On Fri, 9 May 2025 17:57:30 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Anthony Scarpino has updated the pull request incrementally with one additional commit since the last revision:
>>
>> comments on the 11th
>
> src/java.base/share/classes/java/security/PEMRecord.java line 87:
>
>> 85: */
>> 86: public PEMRecord(String type, String pem, byte[] leadingData) {
>> 87: this.leadingData = (leadingData == null ? null : leadingData.clone());
>
> Not sure we should do the cloning at creation and in the getter. A record is _known_ to be only shallowly immutable and users should be prepared for this, for example, do not pass it to an untrusted method if they want to reuse it. I'd rather change this back to a normal class if you believe array cloning is necessary.
I'm ok uncloning it.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17543#discussion_r2083384020
More information about the security-dev
mailing list