You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by "Scott Cantor (JIRA)" <ji...@apache.org> on 2018/08/01 14:23:00 UTC
[jira] [Commented] (SANTUARIO-491) Default KeyInfo resolver doesn't
check for empty element content.
[ https://issues.apache.org/jira/browse/SANTUARIO-491?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16565396#comment-16565396 ]
Scott Cantor commented on SANTUARIO-491:
----------------------------------------
An additional issue was identified in the getters for the DSA fields that also needed guards.
> Default KeyInfo resolver doesn't check for empty element content.
> -----------------------------------------------------------------
>
> Key: SANTUARIO-491
> URL: https://issues.apache.org/jira/browse/SANTUARIO-491
> Project: Santuario
> Issue Type: Bug
> Components: C++
> Affects Versions: C++ 1.5.1, C++ 1.6.0, C++ 1.6.1, C++ 1.7.0, C++ 1.7.1, C++ 1.7.2, C++ 1.7.3, C++ 2.0.0
> Reporter: Scott Cantor
> Assignee: Scott Cantor
> Priority: Critical
> Fix For: C++ 2.0.1
>
>
> The KeyInfo cases for RSA/DSA/EC/DER don't have null guards around the extraction of the fields into safeBuffers, leading to crashes.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)