7094155 Code Review Request (original) (raw)

Xuelei Fan xuelei.fan at oracle.com
Thu Oct 27 02:50:21 UTC 2011


Looks fine to me.

I also look at some other places that use the Node.getLocalName(). As this method may return null, I was wondering it would be nice if we also make changes to com/sun/org/apache/xml/internal/security/utils/ElementCheckerImpl.java, line 10: 9 if ((el == null) || 10 ns!=el.getNamespaceURI() || !el.getLocalName().equals(type)){ 11 return false; 12 }

and signature/Manifest.java, line 337: 334 if ((n.getNodeType() == Node.ELEMENT_NODE) && ((Element) n) 335 .getNamespaceURI() 336 .equals(Constants.SignatureSpecNS) && ((Element) n) 337 .getLocalName().equals(Constants._TAG_MANIFEST)) {

and signature/XMLSignature.java, line 318: 317 if ((keyInfoElem != null) && (keyInfoElem.getNamespaceURI().equals (Constants.SignatureSpecNS) && 318 keyInfoElem.getLocalName().equals(Constants._TAG_KEYINFO)) ) { 319 this._keyInfo = new KeyInfo(keyInfoElem, BaseURI);

If Node.getLocalName() returns, the above lines might throw NPE.

Xuelei

On 10/26/2011 8:54 PM, Sean Mullan wrote:

Hi Xuelei,

Could you please review my fix for 7094155 (JSR105 code throws javax.xml.crypto.URIReference when running into Java 7 VM)? webrev: http://cr.openjdk.java.net/~mullan/webrevs/7094155/webrev.00/ Thanks, Sean



More information about the security-dev mailing list