6992545: FindBugs scan - Malicious code vulnerability Warnings in com.sun.net.httpserver.HttpsParameters.*
Reviewed-by: alanb
--- a/jdk/src/share/classes/com/sun/net/httpserver/BasicAuthenticator.java Mon Oct 18 09:05:49 2010 -0400
+++ b/jdk/src/share/classes/com/sun/net/httpserver/BasicAuthenticator.java Mon Oct 18 16:51:26 2010 +0100
@@ -24,9 +24,6 @@
*/
package com.sun.net.httpserver;
-import java.net.*;
-import java.io.*;
-import java.util.*;
/**
* BasicAuthenticator provides an implementation of HTTP Basic
@@ -57,7 +54,6 @@
public Result authenticate (HttpExchange t)
{
- HttpContext context = t.getHttpContext();
Headers rmap = (Headers) t.getRequestHeaders();
/*
* look for auth token
--- a/jdk/src/share/classes/com/sun/net/httpserver/Filter.java Mon Oct 18 09:05:49 2010 -0400
+++ b/jdk/src/share/classes/com/sun/net/httpserver/Filter.java Mon Oct 18 16:51:26 2010 +0100
@@ -25,11 +25,7 @@
package com.sun.net.httpserver;
-import java.net.*;
-import java.io.*;
-import java.nio.*;
-import java.nio.channels.*;
-import sun.net.www.MessageHeader;
+import java.io.IOException;
import java.util.*;
/**
@@ -56,12 +52,10 @@
/* the last element in the chain must invoke the users
* handler
*/
- private List<Filter> filters;
private ListIterator<Filter> iter;
private HttpHandler handler;
public Chain (List<Filter> filters, HttpHandler handler) {
- this.filters = filters;
iter = filters.listIterator();
this.handler = handler;
}
--- a/jdk/src/share/classes/com/sun/net/httpserver/Headers.java Mon Oct 18 09:05:49 2010 -0400
+++ b/jdk/src/share/classes/com/sun/net/httpserver/Headers.java Mon Oct 18 16:51:26 2010 +0100
@@ -26,7 +26,6 @@
package com.sun.net.httpserver;
import java.util.*;
-import java.io.*;
/**
* HTTP request and response headers are represented by this class which implements
@@ -77,19 +76,16 @@
if (len == 0) {
return key;
}
- char[] b = new char [len];
- String s = null;
- b = key.toCharArray();
- if (b[0] >= 'a' && b[0] <= 'z') {
- b[0] = (char)(b[0] - ('a' - 'A'));
+ char[] b = key.toCharArray();
+ if (b[0] >= 'a' && b[0] <= 'z') {
+ b[0] = (char)(b[0] - ('a' - 'A'));
+ }
+ for (int i=1; i<len; i++) {
+ if (b[i] >= 'A' && b[i] <= 'Z') {
+ b[i] = (char) (b[i] + ('a' - 'A'));
}
- for (int i=1; i<len; i++) {
- if (b[i] >= 'A' && b[i] <= 'Z') {
- b[i] = (char) (b[i] + ('a' - 'A'));
- }
- }
- s = new String (b);
- return s;
+ }
+ return new String(b);
}
public int size() {return map.size();}
--- a/jdk/src/share/classes/com/sun/net/httpserver/HttpsParameters.java Mon Oct 18 09:05:49 2010 -0400
+++ b/jdk/src/share/classes/com/sun/net/httpserver/HttpsParameters.java Mon Oct 18 16:51:26 2010 +0100
@@ -24,9 +24,7 @@
*/
package com.sun.net.httpserver;
-import java.net.*;
-import java.io.*;
-import java.util.*;
+import java.net.InetSocketAddress;
import javax.net.ssl.SSLParameters;
/**
@@ -90,7 +88,7 @@
* have been set.
*/
public String[] getCipherSuites() {
- return cipherSuites;
+ return cipherSuites != null ? cipherSuites.clone() : null;
}
/**
@@ -99,7 +97,7 @@
* @param cipherSuites the array of ciphersuites (or null)
*/
public void setCipherSuites(String[] cipherSuites) {
- this.cipherSuites = cipherSuites;
+ this.cipherSuites = cipherSuites != null ? cipherSuites.clone() : null;
}
/**
@@ -110,7 +108,7 @@
* have been set.
*/
public String[] getProtocols() {
- return protocols;
+ return protocols != null ? protocols.clone() : null;
}
/**
@@ -119,7 +117,7 @@
* @param protocols the array of protocols (or null)
*/
public void setProtocols(String[] protocols) {
- this.protocols = protocols;
+ this.protocols = protocols != null ? protocols.clone() : null;
}
/**