https://issues.apache.org/bugzilla/show_bug.cgi?id=47353
Summary: Bug in canonicalization from an XPathNodeList
Product: Security
Version: unspecified
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: C++ Canonicalization
AssignedTo: security-dev@xml.apache.org
ReportedBy: j...@metanate.com
When canonicalizing a subsection of an XML file using a XSECC14n20010315
canonicalizer, if the section is set via setXPathMap and the elements in the
XPath set have no namespace prefix but are in a namespace defined on a parent
element in the original document then the canonicalized output is incorrect.
For example, given the following XML:
<Document xmlns="http://www.example.com/document";>
<Data id="data1">
<FileName>image.jpeg</FileName>
<FileType>image/jpeg</FileType>
</Data>
</Document>
if an enveloped signature transform is applied to #data1 (ignoring for now the
lack of signature there...), the result of canonicalization with xml-security-c
is:
<Data xmlns="http://www.example.com/document"; id="data1">
<FileName xmlns="http://www.example.com/document";>image.jpeg</FileName>
<FileType xmlns="http://www.example.com/document";>image/jpeg</FileType>
</Data>
but it should be:
<Data xmlns="http://www.example.com/document"; id="data1">
<FileName>image.jpeg</FileName>
<FileType>image/jpeg</FileType>
</Data>
I will attach a test program and sample file which demonstrate this.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
