You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by bu...@apache.org on 2005/07/01 12:11:08 UTC
DO NOT REPLY [Bug 35580] New: -
XMLSignatureInput blocks file which is signed
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=35580>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=35580
Summary: XMLSignatureInput blocks file which is signed
Product: Security
Version: Java 1.2.1
Platform: Sun
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: Signature
AssignedTo: security-dev@xml.apache.org
ReportedBy: RunR6000@yahoo.com
When signing a binary file generating a detached signature, the file stream
reference to the file is not closed. This means that the file is blocked until
the JVM is terminated.
The problem can be solved by changing the lines in the bottom of
XMLSignatureInput.java from
bytes=JavaUtils.getBytesFromStream(_inputOctetStreamProxy);
_inputOctetStreamProxy=new ByteArrayInputStream(bytes);
to
bytes=JavaUtils.getBytesFromStream(_inputOctetStreamProxy);
_inputOctetStreamProxy.close(); // added line
_inputOctetStreamProxy=new ByteArrayInputStream(bytes);
The bug can be reproduced by generating a detached signature of a file. After
calling the sign method a Thread.sleep(20000) should be called to keep the JVM
running. Try to delete the file while the thread is sleeping.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.