Posted to commits@santuario.apache.org by "Colm O hEigeartaigh (Resolved) (JIRA)" <ji...@apache.org> on 2012/02/08 11:32:59 UTC
[jira] [Resolved] (SANTUARIO-299) StringIndexOutOfBoundsException is thrown during reference verification (if URI = "#")
[ https://issues.apache.org/jira/browse/SANTUARIO-299?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved SANTUARIO-299.
-------------------------------------------
Resolution: Fixed
> StringIndexOutOfBoundsException is thrown during reference verification (if URI = "#")
> ---------------------------------------------------------------------------------------
>
> Key: SANTUARIO-299
> URL: https://issues.apache.org/jira/browse/SANTUARIO-299
> Project: Santuario
> Issue Type: Bug
> Components: Java
> Affects Versions: Java 1.4.6, Java 1.5
> Reporter: Adomas Birstunas
> Assignee: Colm O hEigeartaigh
> Priority: Minor
> Fix For: Java 1.4.7, Java 1.5.1
>
>
> StringIndexOutOfBoundsException is thrown during reference verification (if Reference contains URI = "#"):
> java.lang.StringIndexOutOfBoundsException: String index out of range: 1
>     at java.lang.String.charAt(String.java:686)
>     at org.apache.xml.security.utils.resolver.implementations.ResolverFragment.engineCanResolve(ResolverFragment.java:133)
>     at org.apache.xml.security.utils.resolver.ResourceResolver.canResolve(ResourceResolver.java:338)
>     at org.apache.xml.security.utils.resolver.ResourceResolver.getInstance(ResourceResolver.java:107)
>     at org.apache.xml.security.utils.resolver.ResourceResolver.getInstance(ResourceResolver.java:183)
>     at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Reference.java:417)
>     at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Reference.java:614)
>     at org.apache.xml.security.signature.Reference.calculateDigest(Reference.java:705)
>     at org.apache.xml.security.signature.Reference.verify(Reference.java:761)
>     at org.apache.xml.security.signature.Manifest.verifyReferences(Manifest.java:336)
>     at org.apache.xml.security.signature.Manifest.verifyReferences(Manifest.java:281)
> Method org.apache.xml.security.utils.resolver.implementations.ResolverFragment.engineCanResolve(...) code:
>     if (uriNodeValue.equals("") ||
>         ((uriNodeValue.charAt(0) == '#')
>             && !((uriNodeValue.charAt(1) == 'x') && uriNodeValue.startsWith("#xpointer(")))
>     ) {
>         if (log.isDebugEnabled()) {
>             log.debug("State I can resolve reference: \"" + uriNodeValue + "\"");
>         }
>         return true;
>     }
> is unsafe, since charAt(1) may not exist.
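
The condition quoted in the report next to a length-safe form, as an added example that is not part of the original message or of the Santuario code base. The class and method names are hypothetical, the sample URIs are constructed, and treating "#" as resolvable in the safe form is an assumption; the message does not show the actual fix.

```java
import java.util.List;

public class FragmentUriCheck {

    // Condition as quoted in the report: charAt(1) is read without a
    // length check, so a one-character URI ("#") indexes past the end.
    static boolean unsafeCanResolve(String uri) {
        return uri.equals("")
            || ((uri.charAt(0) == '#')
                && !((uri.charAt(1) == 'x') && uri.startsWith("#xpointer(")));
    }

    // Length-safe form (assumption, not the project's patch): startsWith
    // never indexes past the end of the string, so "#" is handled like
    // any other bare fragment and a null URI is rejected up front.
    static boolean safeCanResolve(String uri) {
        if (uri == null) {
            return false;
        }
        return uri.isEmpty()
            || (uri.startsWith("#") && !uri.startsWith("#xpointer("));
    }

    public static void main(String[] args) {
        // Constructed sample values for the URI attribute of a ds:Reference.
        List<String> samples = List.of(
            "", "#", "#x", "#id-1", "#xpointer(/)", "http://example.com/doc.xml");

        for (String uri : samples) {
            String unsafe;
            try {
                unsafe = String.valueOf(unsafeCanResolve(uri));
            } catch (StringIndexOutOfBoundsException e) {
                // Unchecked exception: in the library this escapes
                // Reference.verify() instead of producing a verification result.
                unsafe = "throws " + e.getClass().getSimpleName();
            }
            System.out.printf("%-30s unsafe=%-40s safe=%b%n",
                "\"" + uri + "\"", unsafe, safeCanResolve(uri));
        }
    }
}
```

Because the exception is unchecked, callers that verify signatures from untrusted documents with an affected version only see it if they catch `RuntimeException` around verification; upgrading to a release listed under "Fix For" removes the need for that.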