Posted to dev@santuario.apache.org by Jesse Pelton <js...@PKC.com> on 2005/03/22 16:53:12 UTC
XML-Security-C null pointer dereference
If a document has a signature without a <Reference> element,
DSIGReference::verifyReferenceList() gets passed a NULL
DSIGReferenceList. It does not check the pointer before dereferencing
it. The problem can be reproduced by running checksig on the attached
document. Fall down, go boom!
Changing:

    int size = (int) lst->getSize();

to:

    int size = (lst ? (int) lst->getSize() : 0);

prevents the crash, but I'm not sure whether it completely addresses the
problem. Certainly the function should defend against this case, but
should it be getting called with a NULL list in the first place?
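
An added example, not part of the original post and not XML-Security-C code: a minimal model of the closing question, comparing the one-line guard with a variant that reports a missing or empty reference list as an error. `Reference`, `ReferenceList`, `VerifyResult` and both functions are hypothetical stand-ins, and the model assumes a verification loop that returns true when no digest check fails, which the post does not state about the real function.

```cpp
#include <cstddef>
#include <vector>

// Hypothetical stand-ins for the library's reference types (assumption).
struct Reference {
    bool digestMatches;   // outcome of this reference's digest check
};

struct ReferenceList {
    std::vector<Reference> refs;
    std::size_t getSize() const { return refs.size(); }
    const Reference &item(std::size_t i) const { return refs[i]; }
};

enum class VerifyResult { Ok, DigestMismatch, NoReferences };

// Variant 1: the guard from the post. A NULL list becomes size 0, so in
// this model the loop never runs and the result is "verified".
bool verifyGuardOnly(const ReferenceList *lst) {
    int size = (lst ? (int) lst->getSize() : 0);
    for (int i = 0; i < size; ++i) {
        if (!lst->item(i).digestMatches) return false;
    }
    return true;
}

// Variant 2: fail closed. A NULL or empty list gets its own result so the
// caller cannot confuse "nothing was checked" with "every check passed".
VerifyResult verifyFailClosed(const ReferenceList *lst) {
    if (lst == nullptr || lst->getSize() == 0) {
        return VerifyResult::NoReferences;
    }
    for (std::size_t i = 0; i < lst->getSize(); ++i) {
        if (!lst->item(i).digestMatches) return VerifyResult::DigestMismatch;
    }
    return VerifyResult::Ok;
}

int main() {
    ReferenceList empty;   // constructed sample: a signature with no references
    bool guardAccepts = verifyGuardOnly(nullptr);
    bool closedRejects =
        verifyFailClosed(nullptr) == VerifyResult::NoReferences &&
        verifyFailClosed(&empty) == VerifyResult::NoReferences;
    return (guardAccepts && closedRejects) ? 0 : 1;
}
```

The XML-DSig schema requires at least one `Reference` in `SignedInfo`, so rejecting the empty case does not turn away any conforming signature.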