Hello,

I am using xml-security 1.4.0 (Java) for my project, and I have found
several bugs in this library (perhaps bugs in the third-party libraries
it uses):

1. In org.apache.xml.security.c14n.implementations.CanonicalizerBase and
org.apache.xml.security.c14n.implementations.UtfHelpper (how about changing
the class name to UtfHelper with ONE p?):
The line if ((c & 0x80) == 0) should be changed to if (c < 0x80), since
most UTF chars have 0 at bit 8.

2. There are always two text nodes with the value '\n' in succession within
<ds:SignedInfo> and <ds:X509IssuerSerial>. If we have signed some elements
and wish to add another signature with XPath as the transform, then we get
an error saying that no node can be found for a handle (raised by Xalan-J).
After debugging I found the corresponding code, as follows:


01  public SignedInfo(
02         Document doc, Element SignatureMethodElem, Element CanonicalizationMethodElem)
03             throws XMLSecurityException {
04
05     super(doc);
06     this._constructionElement.appendChild(CanonicalizationMethodElem);
07     XMLUtils.addReturnToElement(this._constructionElement);
08     //Check this?
09     this.c14nMethod=CanonicalizationMethodElem;
10     this._constructionElement.appendChild(c14nMethod);
11     XMLUtils.addReturnToElement(this._constructionElement);

     this._signatureAlgorithm = new SignatureAlgorithm(SignatureMethodElem, null);

     signatureMethod=this._signatureAlgorithm.getElement();
     this._constructionElement.appendChild(signatureMethod);

     XMLUtils.addReturnToElement(this._constructionElement);
  }

Lines 06 and 10 add the same element twice, hence line 06 has no effect.
But the text node with the value "\n" added at line 07 remains there.


01 public XMLX509IssuerSerial(Document doc, String X509IssuerName,
02                             BigInteger X509SerialNumber) {
03    super(doc);
04
05      XMLUtils.addReturnToElement(this._constructionElement);
06      this.addTextElement(X509IssuerName, Constants._TAG_X509ISSUERNAME);
07      XMLUtils.addReturnToElement(this._constructionElement);
08      this.addTextElement(X509SerialNumber.toString(), Constants._TAG_X509SERIALNUMBER);
09   }

Line 07 should be removed, since '\n' is added in line 06.

Best regards,

Lijun Liao
