Posted to dev@santuario.apache.org by Jesse Pelton <js...@PKC.com> on 2005/03/22 16:53:12 UTC

XML-Security-C null pointer dereference

If a document has a signature without a <Reference> element,
DSIGReference::verifyReferenceList() gets passed a NULL
DSIGReferenceList.  It does not check the pointer before dereferencing
it.  The problem can be reproduced by running checksig on the attached
document.  Fall down, go boom!

Changing:

	int size = (int) lst->getSize();

to:

	int size = (lst ? (int) lst->getSize() : 0);

prevents the crash, but I'm not sure whether it completely addresses the
problem.  Certainly the function should defend against this case, but
should it be getting called with a NULL list in the first place?
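
The question that closes the post, as an added sketch (not XML-Security-C code and not from the poster): in this model the NULL guard alone makes an absent list verify vacuously, so the caller rejects a signature with no `<Reference>` before checking digests, in line with the XML-DSig schema requiring at least one `Reference` in `SignedInfo`. `Ref`, `RefList`, `Result` and both functions are hypothetical names, and the library's real behaviour for this case is not shown on the page.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Hypothetical stand-ins for the library's reference types (assumed, not the project's code).
struct Ref { std::string uri; bool digestMatches; };  // digestMatches: constructed result

struct RefList {
    std::vector<Ref> refs;
    std::size_t getSize() const { return refs.size(); }
    const Ref& item(std::size_t i) const { return refs[i]; }
};

enum class Result { Valid, DigestMismatch, NoReferences };

// Callee-side guard from the post: a NULL list is treated as size 0.
// The loop then runs zero times, so a NULL or empty list returns true.
bool verifyReferenceListGuarded(const RefList* lst) {
    int size = (lst ? (int) lst->getSize() : 0);
    for (int i = 0; i < size; ++i) {
        if (!lst->item(i).digestMatches) return false;
    }
    return true;
}

// Caller-side check: a signature that covers nothing is reported as its own
// failure instead of being passed down and verified vacuously.
Result verifySignedInfo(const RefList* lst) {
    if (lst == nullptr || lst->getSize() == 0) return Result::NoReferences;
    return verifyReferenceListGuarded(lst) ? Result::Valid : Result::DigestMismatch;
}

int main() {
    RefList one;
    one.refs.push_back(Ref{"#constructed", true});  // constructed sample reference
    bool ok = verifySignedInfo(nullptr) == Result::NoReferences
           && verifySignedInfo(&one) == Result::Valid;
    return ok ? 0 : 1;
}
```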