https://issues.apache.org/bugzilla/show_bug.cgi?id=46681
Summary: Erroneous check for reference equality to compare two Strings
Product: Security
Version: unspecified
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: Canonicalization
AssignedTo: security-dev@xml.apache.org
ReportedBy: jason.hal...@vordel.com

When using a DOM model which doesn't return an interned String for the default namespace URI in Attr.getNamespaceURI(), the following line fails in org.apache.xml.security.c14n.implementations.Canonicalizer20010315Excl.handleAttributesSubtree():

    if (XMLNS_URI!=N.getNamespaceURI()) { ...

This allows extraneous namespace declarations to fall through canonicalization on certain DOM implementations. I don't think there's any requirement that the namespace URI that's returned should be the same reference as the literal string it's being compared against here.

Should be:

    if (!(XMLNS_URI.equals(N.getNamespaceURI()))) { ...
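The difference between the two comparisons in the report, as an added example that is not part of the original bug report or of the project's code. The Attribute record, the helper names and the sample attributes are hypothetical stand-ins for org.w3c.dom.Attr, and the value given to XMLNS_URI is an assumption (the namespace URI bound to xmlns declarations).

```java
import java.util.ArrayList;
import java.util.List;

public class NamespaceUriComparison {
    // Assumed value of XMLNS_URI: the namespace bound to xmlns declarations.
    static final String XMLNS_URI = "http://www.w3.org/2000/xmlns/";

    // Hypothetical stand-in for org.w3c.dom.Attr: qualified name plus namespace URI.
    record Attribute(String name, String namespaceURI) {}

    // Comparison quoted in the report: true unless both sides are the same object.
    static List<String> ordinaryByReference(List<Attribute> attrs) {
        List<String> out = new ArrayList<>();
        for (Attribute n : attrs) {
            if (XMLNS_URI != n.namespaceURI()) {
                out.add(n.name());
            }
        }
        return out;
    }

    // Comparison proposed in the report: compares contents and tolerates a null URI.
    static List<String> ordinaryByEquals(List<Attribute> attrs) {
        List<String> out = new ArrayList<>();
        for (Attribute n : attrs) {
            if (!XMLNS_URI.equals(n.namespaceURI())) {
                out.add(n.name());
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed input. new String(...) gives an equal but distinct object,
        // which is what a DOM that does not intern its namespace URIs hands back.
        String parsedUri = new String(XMLNS_URI);
        List<Attribute> attrs = List.of(
            new Attribute("xmlns:a", XMLNS_URI),  // same object as the literal
            new Attribute("xmlns:b", parsedUri),  // equal content, different reference
            new Attribute("id", null));           // ordinary attribute, no namespace

        // Names each check treats as ordinary (non-declaration) attributes.
        System.out.println("reference check: " + ordinaryByReference(attrs));
        System.out.println("equals check:    " + ordinaryByEquals(attrs));
    }
}
```

Any attribute name that appears in the reference-check list but not in the equals-check list is a namespace declaration that the identity comparison misclassified as an ordinary attribute.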