You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by mu...@apache.org on 2020/07/09 12:28:34 UTC
[santuario-xml-security-java] branch master updated: Fix NPE in
XMLSignatureInput.toString when bytes are null. This can happen in rare/odd
scenarios where an empty node-set is canonicalized (for example,
because of an incorrect XPath Transform expression).
This is an automated email from the ASF dual-hosted git repository.
mullan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/santuario-xml-security-java.git
The following commit(s) were added to refs/heads/master by this push:
new 3fbc0c2 Fix NPE in XMLSignatureInput.toString when bytes are null. This can happen in rare/odd scenarios where an empty node-set is canonicalized (for example, because of an incorrect XPath Transform expression).
3fbc0c2 is described below
commit 3fbc0c2055068ecce3e4f11f847a6496f254ace9
Author: Sean Mullan <se...@gmail.com>
AuthorDate: Wed Jul 8 14:48:03 2020 -0400
Fix NPE in XMLSignatureInput.toString when bytes are null. This can happen
in rare/odd scenarios where an empty node-set is canonicalized (for example,
because of an incorrect XPath Transform expression).
---
.../java/org/apache/xml/security/signature/XMLSignatureInput.java | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java b/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java
index f07c0c2..43882cc 100644
--- a/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java
+++ b/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java
@@ -399,11 +399,11 @@ public class XMLSignatureInput {
+ excludeComments +"/" + getSourceURI();
}
try {
- return "XMLSignatureInput/OctetStream/" + getBytes().length
+ byte[] bytes = getBytes();
+ return "XMLSignatureInput/OctetStream/"
+ + (bytes != null ? bytes.length : 0)
+ " octets/" + getSourceURI();
- } catch (IOException iex) {
- return "XMLSignatureInput/OctetStream//" + getSourceURI();
- } catch (CanonicalizationException cex) {
+ } catch (IOException | CanonicalizationException ex) {
return "XMLSignatureInput/OctetStream//" + getSourceURI();
}
}