You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@santuario.apache.org by bu...@apache.org on 2005/07/01 12:11:08 UTC

DO NOT REPLY [Bug 35580] New: - XMLSignatureInput blocks file which is signed

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=35580>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=35580

           Summary: XMLSignatureInput blocks file which is signed
           Product: Security
           Version: Java 1.2.1
          Platform: Sun
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Signature
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: RunR6000@yahoo.com


When signing a binary file generating a detached signature, the file stream
reference to the file is not closed. This means that the file is blocked until
the JVM is terminated.
The problem can be solved by changing the lines in the bottom of
XMLSignatureInput.java from

bytes=JavaUtils.getBytesFromStream(_inputOctetStreamProxy);
_inputOctetStreamProxy=new ByteArrayInputStream(bytes);

to

bytes=JavaUtils.getBytesFromStream(_inputOctetStreamProxy);
_inputOctetStreamProxy.close(); // added line
_inputOctetStreamProxy=new ByteArrayInputStream(bytes);

The bug can be reproduced by generating a detached signature of a file. After
calling the sign method a Thread.sleep(20000) should be called to keep the JVM
running. Try to delete the file while the thread is sleeping.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.