DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=38655>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38655 Summary: Canonicalizer gets exception in meny namespaces. Product: Security Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Canonicalization AssignedTo: security-dev@xml.apache.org ReportedBy: [EMAIL PROTECTED] Version: java xml-security 1.3.0. OS: all (actuary, I am using Windows-XP) - Problem when xml data has many namespaces, Canonicalizer#canonicalizeSubtree() throws exception. - Reproduce: [java code] public static String toString(final Node n) throws Exception { ByteArrayOutputStream baos = new ByteArrayOutputStream(); Canonicalizer c14n = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS); byte[] serBytes = c14n.canonicalizeSubtree(n); ... } [using XML data] <?xml version="1.0"?> <wiki xmlns:generated-command="http://foo.com/command"; xmlns:generated-event="http://foo.com/event"; xmlns:command="http://foo.com/command"; xmlns:ui="http://foo.com/ui"; xmlns:event="http://foo.com/event"; xmlns:instruction="http://foo/instruction"; xmlns:directory="http://foo.com/io/directory"; xmlns:function="http://foo.com/function"; xmlns="http://www.w3.org/1999/xhtml"; xmlns:ctrl="http://foo.com/controls"; xmlns:wiki="http://foo.com/samples/wiki";> <wiki:content> <wiki:paragraph /> </wiki:content> </wiki> - Result java.lang.ArrayIndexOutOfBoundsException: 23 at org.apache.xml.security.c14n.implementations.SymbMap.index(Unknown Source) at org.apache.xml.security.c14n.implementations.SymbMap.get(Unknown Source) at org.apache.xml.security.c14n.implementations.NameSpaceSymbTable.addMappingAndRender(Unknown Source) at org.apache.xml.security.c14n.implementations.Canonicalizer20010315.handleAttributesSubtree(Unknown Source) at org.apache.xml.security.c14n.implementations.CanonicalizerBase.canonicalizeSubTree(Unknown Source) at org.apache.xml.security.c14n.implementations.CanonicalizerBase.engineCanonicalizeSubTree(Unknown Source) at org.apache.xml.security.c14n.implementations.CanonicalizerBase.engineCanonicalizeSubTree(Unknown Source) at org.apache.xml.security.c14n.Canonicalizer.canonicalizeSubtree(Unknown Source) ... - My Solution xml-security-1_3_0\src\org\apache\xml\security\c14n\implementations\NameSpaceSymbTable.java line 359, protected int index(Object obj) { Object[] set = keys; int length = set.length; //abs of index int index = (obj.hashCode() & 0x7fffffff) % length; Object cur = set[index]; if (cur == null || (cur.equals( obj))) { return index; } do { index=index==length? 0:++index; // <--- Why ? cur = set[index]; } while (cur != null && (!cur.equals(obj))); return index; } when "index == length-1", "index==length? 0:++index" is evaluated length, it is OutOfBounds! I edited the code to "(index+1) % length" , it works good. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
