Bug 38791 - unescaping of escaped percent (%25) fails
Summary: unescaping of escaped percent (%25) fails
Status: RESOLVED FIXED
Alias: None
Product: Security - Now in JIRA
Classification: Unclassified
Component: C++ Signature (show other bugs)
Version: unspecified
Hardware: PC Windows Server 2003
: P2 major
Target Milestone: ---
Assignee: XML Security Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-02-27 12:29 UTC by Robert
Modified: 2006-04-16 02:35 UTC (History)
0 users


Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert 2006-02-27 12:29:53 UTC 
The C++ XML-Security library version 1.2 has a bug in XSECDOMUtils.cpp that
causes it to unescape already unescaped percent characters. The bug can be
reproduced with any xml file that contains an URI with an escaped percent
character (%25).
File Version is:
$Id: XSECDOMUtils.cpp,v 1.26 2005/02/03 13:53:54 milan Exp $

The error happens in line 684. There the starting index for the new percent
search isn't incremented, thus causing it to find the just unescaped percent
character.
a simple changed from
percentIndex = XMLString::indexOf(retPath, chPercent, percentIndex);
to
percentIndex = XMLString::indexOf(retPath, chPercent, ++percentIndex);
fixes this problem.
Comment 1 Berin Lautenbach 2006-04-16 09:35:21 UTC 
Fix (as provided in original report) checked into SVN.

Thanks!