harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Regis <xu.re...@gmail.com>
Subject Re: [classlib][luni] question about File.fixSlashes
Date Tue, 24 Mar 2009 03:04:30 GMT
Nathan Beyer wrote:
> Is there a downstream secirity check that would be less efficient? Maybe 
> the comment is just about perf.

I checked java.io.FilePermission, seems there is no code using "==" to 
test the path.

> 
> Sent from my iPhone
> 
> On Mar 23, 2009, at 4:23 AM, Regis <xu.regis@gmail.com> wrote:
> 
>> Deven You wrote:
>>> I think only return tempPath is ok.
>>
>> Thanks, I suppose so. Just to make sure it's safe to remove the 
>> "unnecessary" check. Any security gurus have different thoughts?
>>
>>> 2009/3/23 Regis <xu.regis@gmail.com>
>>>> Hi,
>>>>
>>>> I noticed some code in File.fixSlashes:
>>>>
>>>>       String tempPath = new String(newPath, 0, newLength);
>>>>       // If it's the same keep it identical for SecurityManager 
>>>> purposes
>>>>       if (!tempPath.equals(origPath)) {
>>>>           return tempPath;
>>>>       }
>>>>       return origPath;
>>>>
>>>> It could be simplified in logic as
>>>>
>>>> return new String(newPath, 0, newLength);
>>>>
>>>> But comments said it's for security reason, I'm not familiar with 
>>>> security,
>>>> are there any cases we must keep the same String reference?
>>>>
>>>> -- 
>>>> Best Regards,
>>>> Regis.
>>>>
>>
>>
>> -- 
>> Best Regards,
>> Regis.
> 


-- 
Best Regards,
Regis.

Mime
View raw message