Posted to dev@santuario.apache.org by Lijun Liao <li...@gmail.com> on 2007/01/24 15:26:03 UTC

Found several bugs in XML-Security 1.4.0 (Java)

Hello,

I am using xml-security 1.4.0 (Java) for my project, and I have found
several bugs in this library (perhaps bugs in the third-party libraries
it uses):

1. In org.apache.xml.security.c14n.implementations.CanonicalizerBase and
org.apache.xml.security.c14n.implementations.UtfHelpper (How about if the
class name is changed to UtfHelper with ONE p?):
The line if ((c & 0x80) == 0) should be changed to if (c < 0x80), since
most UTF chars have 0 at bit 8.

2. There are always two text nodes with the value '\n' in succession within
<ds:SignedInfo> and <ds:X509IssuerSerial>. If we have signed some elements
and wish to add another signature with XPath as the transform, then we get
the error that says no node can be found to a handle (raised by xalan-J).
After debugging I found the corresponding code, as follows:


01  public SignedInfo(
02         Document doc, Element SignatureMethodElem, Element CanonicalizationMethodElem)
03             throws XMLSecurityException {
04
05     super(doc);
06     this._constructionElement.appendChild(CanonicalizationMethodElem);
07     XMLUtils.addReturnToElement(this._constructionElement);
08     //Check this?
09     this.c14nMethod=CanonicalizationMethodElem;
10     this._constructionElement.appendChild(c14nMethod);
11     XMLUtils.addReturnToElement(this._constructionElement);

       this._signatureAlgorithm = new SignatureAlgorithm(SignatureMethodElem, null);

       signatureMethod=this._signatureAlgorithm.getElement();
       this._constructionElement.appendChild(signatureMethod);

       XMLUtils.addReturnToElement(this._constructionElement);
    }

Lines 06 and 10 add the same element twice, hence line 06 has no effect.
But the text node with the value "\n" added at line 07 remains there.


01 public XMLX509IssuerSerial(Document doc, String X509IssuerName,
02                             BigInteger X509SerialNumber) {
03    super(doc);
04
05      XMLUtils.addReturnToElement(this._constructionElement);
06      this.addTextElement(X509IssuerName, Constants._TAG_X509ISSUERNAME);
07      XMLUtils.addReturnToElement(this._constructionElement);
08      this.addTextElement(X509SerialNumber.toString(), Constants._TAG_X509SERIALNUMBER);
09   }

Line 07 should be removed, since '\n' is added in line 06.

Best regards,

Lijun Liao
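
Added example, not part of the original post or of the xml-security code: the two checks from item 1 compared on Java `char` values. The `encode` method is a sketch of a char-by-char UTF-8 writer (BMP only, no surrogate handling) written for this illustration, and its output is checked against the JDK's own UTF-8 encoder.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.function.IntPredicate;

public class AsciiCheckDemo {
    // Illustrative encoder, not the library's code: the predicate decides
    // whether a char is written as one byte.
    static byte[] encode(String s, IntPredicate isSingleByte) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (isSingleByte.test(c)) {
                out.write(c);                         // only the low 8 bits are written
            } else if (c < 0x800) {
                out.write(0xC0 | (c >> 6));
                out.write(0x80 | (c & 0x3F));
            } else {
                out.write(0xE0 | (c >> 12));
                out.write(0x80 | ((c >> 6) & 0x3F));
                out.write(0x80 | (c & 0x3F));
            }
        }
        return out.toByteArray();
    }

    public static void main(String[] args) {
        IntPredicate reported = c -> (c & 0x80) == 0; // check quoted in item 1
        IntPredicate proposed = c -> c < 0x80;        // replacement suggested in item 1
        // Constructed samples: ASCII, a Latin-1 char, and two chars above 0xFF with bit 7 clear.
        String[] samples = {"A", "\u00E9", "\u0100", "\u4E2D"};
        for (String s : samples) {
            byte[] ref = s.getBytes(StandardCharsets.UTF_8);
            System.out.printf("U+%04X matches UTF-8: reported=%b proposed=%b%n",
                    (int) s.charAt(0),
                    Arrays.equals(encode(s, reported), ref),
                    Arrays.equals(encode(s, proposed), ref));
        }
    }
}
```

A `char` at or above 0x100 whose bit 7 is clear passes the masked test and is written as a single byte, so the bytes handed to the digest differ from the real UTF-8 encoding.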
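
Added example, not from the original post or the library: the two constructors from item 2 replayed on a plain JAXP DOM. `addReturn` and `addTextElement` are stand-ins written here for `XMLUtils.addReturnToElement` and `addTextElement` (the latter assumed, as the report states, to append its own "\n"); `CN=Example` and `1` are constructed values.

```java
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class StrayNewlineDemo {
    // Stand-in for XMLUtils.addReturnToElement: appends a "\n" text node.
    static void addReturn(Element e) {
        e.appendChild(e.getOwnerDocument().createTextNode("\n"));
    }

    // Stand-in for addTextElement; assumed (per the report) to append "\n" itself.
    static void addTextElement(Element parent, String text, String tag) {
        Element child = parent.getOwnerDocument().createElement(tag);
        child.appendChild(parent.getOwnerDocument().createTextNode(text));
        parent.appendChild(child);
        addReturn(parent);
    }

    // Child node names in document order, e.g. "[#text, X509IssuerName, #text]".
    static String children(Element e) {
        StringBuilder sb = new StringBuilder("[");
        for (Node n = e.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (sb.length() > 1) sb.append(", ");
            sb.append(n.getNodeName());
        }
        return sb.append("]").toString();
    }

    public static void main(String[] args) throws Exception {
        Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();

        Element signedInfo = doc.createElement("SignedInfo");
        Element c14n = doc.createElement("CanonicalizationMethod");
        signedInfo.appendChild(c14n);   // line 06
        addReturn(signedInfo);          // line 07
        signedInfo.appendChild(c14n);   // line 10: moves c14n behind the "\n" from line 07
        addReturn(signedInfo);          // line 11
        System.out.println("SignedInfo:       " + children(signedInfo));

        Element issuerSerial = doc.createElement("X509IssuerSerial");
        addReturn(issuerSerial);                                      // line 05
        addTextElement(issuerSerial, "CN=Example", "X509IssuerName"); // line 06
        addReturn(issuerSerial);                                      // line 07
        addTextElement(issuerSerial, "1", "X509SerialNumber");        // line 08
        System.out.println("X509IssuerSerial: " + children(issuerSerial));
        issuerSerial.normalize();       // merges adjacent text nodes
        System.out.println("after normalize:  " + children(issuerSerial));
    }
}
```

`appendChild` on a node that is already a child moves it rather than copying it, so the text node from line 07 is left in front of the element. The `normalize()` call shows the shape a freshly parsed document has, with no adjacent text nodes.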

RE: Found several bugs in XML-Security 1.4.0 (Java)

Posted by Jesse Pelton <js...@PKC.com>.
I think Sean was asking you to do so. This will ensure that you'll be
properly recorded as the reporter of the bugs, which can facilitate
their management. I'd recommend two bug reports, one for each issue.

________________________________

From: Lijun Liao [mailto:lijun.liao@gmail.com] 
Sent: Wednesday, January 24, 2007 10:14 AM
To: security-dev@xml.apache.org
Subject: Re: Found several bugs in XML-Security 1.4.0 (Java)


You can open a bug under bugzilla.

Lijun


On 1/24/07, Sean Mullan <Se...@sun.com> wrote: 

	Thanks for reporting these. Do you mind opening a bug so we can track
	this at: http://issues.apache.org/bugzilla/
	
	--Sean
	
-- 
Lijun Liao 

Re: Found several bugs in XML-Security 1.4.0 (Java)

Posted by Lijun Liao <li...@gmail.com>.
You can open a bug under bugzilla.

Lijun

On 1/24/07, Sean Mullan <Se...@sun.com> wrote:
>
> Thanks for reporting these. Do you mind opening a bug so we can track
> this at: http://issues.apache.org/bugzilla/
>
> --Sean


-- 
Lijun Liao

Re: Found several bugs in XML-Security 1.4.0 (Java)

Posted by Sean Mullan <Se...@Sun.COM>.
Thanks for reporting these. Do you mind opening a bug so we can track 
this at: http://issues.apache.org/bugzilla/

--Sean
