harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nathan Beyer <nbe...@gmail.com>
Subject Re: [classlib][luni] question about File.fixSlashes
Date Mon, 23 Mar 2009 14:55:15 GMT
Is there a downstream secirity check that would be less efficient?  
Maybe the comment is just about perf.

Sent from my iPhone

On Mar 23, 2009, at 4:23 AM, Regis <xu.regis@gmail.com> wrote:

> Deven You wrote:
>> I think only return tempPath is ok.
>
> Thanks, I suppose so. Just to make sure it's safe to remove the  
> "unnecessary" check. Any security gurus have different thoughts?
>
>> 2009/3/23 Regis <xu.regis@gmail.com>
>>> Hi,
>>>
>>> I noticed some code in File.fixSlashes:
>>>
>>>       String tempPath = new String(newPath, 0, newLength);
>>>       // If it's the same keep it identical for SecurityManager  
>>> purposes
>>>       if (!tempPath.equals(origPath)) {
>>>           return tempPath;
>>>       }
>>>       return origPath;
>>>
>>> It could be simplified in logic as
>>>
>>> return new String(newPath, 0, newLength);
>>>
>>> But comments said it's for security reason, I'm not familiar with  
>>> security,
>>> are there any cases we must keep the same String reference?
>>>
>>> --
>>> Best Regards,
>>> Regis.
>>>
>
>
> -- 
> Best Regards,
> Regis.

Mime
View raw message