[jira] [Resolved] (AXIS2C-1490) axiom_soap_builder_construct_node should check that the Header element is in a Soap namespace

Tue, 13 Jan 2026 10:51:05 -0800 


     [ 
https://issues.apache.org/jira/browse/AXIS2C-1490?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Lazarski resolved AXIS2C-1490.
-------------------------------------
    Fix Version/s: 2.0.0
       Resolution: Fixed

  The SOAP builder was incorrectly accepting malformed SOAP messages where
    Header or Body elements lacked the SOAP namespace prefix (e.g., <Header/>
    instead of <soap:Header/>).
    
    Changes:
    - soap_builder.c: Check soap_builder->done flag after parsing header/body
      to detect namespace validation errors. Also trigger body parsing during
      builder creation to catch body namespace errors early.
    - soap_envelope.c: Allow NULL parameter in set_builder() and set_base_node()
      to properly break circular references during cleanup, preventing memory
      issues when builder creation fails.
    - test_soap.cc: Add 3 test cases for AXIS2C-1490 (header without namespace,
      body without namespace, valid SOAP control test).

> axiom_soap_builder_construct_node should check that the Header element is in 
> a Soap namespace
> ---------------------------------------------------------------------------------------------
>
>                 Key: AXIS2C-1490
>                 URL: https://issues.apache.org/jira/browse/AXIS2C-1490
>             Project: Axis2-C
>          Issue Type: Bug
>          Components: xml/soap
>    Affects Versions: 1.6.0
>            Reporter: Sebastien Bigot
>            Priority: Critical
>             Fix For: 2.0.0
>
>
> The axiom_soap_builder allows to decode such message without any error  :
> <?xml version="1.0" encoding="UTF-8"?><soap:Envelope 
> xmlns:soap="http://www.w3.org/2003/05/soap-envelope";><Header/><soap:Body/></soap:Envelope>
> which is bad because the Header element isn't in the Soap 1.2 namespace (in 
> this example).
> Later, calling axiom_soap_envelope_get_header succeed but this sequence ends 
> in NULL pointer :
> axiom_node_t *aSoapHeaderNode = axiom_soap_header_get_base_node 
> (iSoapHeader,iAxiomEnv);
> axiom_element *aSoapHeaderElem = (axiom_element_t *) 
> axiom_node_get_data_element(aSoapHeaderNode,iAxiomEnv);
> axiom_namespace *aSoapHeaderNS = 
> axiom_element_get_namespace(aSoapHeaderElem,iAxiomEnv,aSoapHeaderNode); => 
> NULL pointer, should be pointer to axiom_namespace matching either 1.1 or 1.2 
> Soap namespace !
> The axiom_soap_builder_construct_node should check that Header and Body 
> elements are in the same namespace than the Soap Envelope element and if not 
> returns in error.
> Regards,
> Sebastien



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to