You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@santuario.apache.org by mu...@apache.org on 2020/07/09 12:28:34 UTC

[santuario-xml-security-java] branch master updated: Fix NPE in XMLSignatureInput.toString when bytes are null. This can happen in rare/odd scenarios where an empty node-set is canonicalized (for example, because of an incorrect XPath Transform expression).

This is an automated email from the ASF dual-hosted git repository.

mullan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/santuario-xml-security-java.git


The following commit(s) were added to refs/heads/master by this push:
     new 3fbc0c2  Fix NPE in XMLSignatureInput.toString when bytes are null. This can happen in rare/odd scenarios where an empty node-set is canonicalized (for example, because of an incorrect XPath Transform expression).
3fbc0c2 is described below

commit 3fbc0c2055068ecce3e4f11f847a6496f254ace9
Author: Sean Mullan <se...@gmail.com>
AuthorDate: Wed Jul 8 14:48:03 2020 -0400

    Fix NPE in XMLSignatureInput.toString when bytes are null. This can happen
    in rare/odd scenarios where an empty node-set is canonicalized (for example,
    because of an incorrect XPath Transform expression).
---
 .../java/org/apache/xml/security/signature/XMLSignatureInput.java | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java b/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java
index f07c0c2..43882cc 100644
--- a/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java
+++ b/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java
@@ -399,11 +399,11 @@ public class XMLSignatureInput {
                 + excludeComments +"/" + getSourceURI();
         }
         try {
-            return "XMLSignatureInput/OctetStream/" + getBytes().length
+            byte[] bytes = getBytes();
+            return "XMLSignatureInput/OctetStream/"
+                   + (bytes != null ? bytes.length : 0)
                    + " octets/" + getSourceURI();
-        } catch (IOException iex) {
-            return "XMLSignatureInput/OctetStream//" + getSourceURI();
-        } catch (CanonicalizationException cex) {
+        } catch (IOException | CanonicalizationException ex) {
             return "XMLSignatureInput/OctetStream//" + getSourceURI();
         }
     }