Bug 43230 - Inclusive C14n doesn't always handle xml:space & xml:lang attributes correctly
Status: RESOLVED FIXED
Alias: None
Product: Security - Now in JIRA
Classification: Unclassified
Component: Signature
Version: Java 1.4.1
Hardware: All All
Importance: P3 normal
Target Milestone: ---
Assignee: XML Security Developers Mailing List
Reported: 2007-08-28 08:36 UTC by sean.mullan
Modified: 2007-08-28 11:03 UTC



Description sean.mullan 2007-08-28 08:36:49 UTC
There is a very subtle bug in the inclusive C14N implementation that sometimes
causes xml:space and xml:lang attributes to be handled incorrectly.

Given the following input:

<?xml version="1.0" encoding="UTF-8"?>
<ietf:Xmllang xmlns:ietf="http://www.ietf.org" 
xmlns:w3c="http://www.w3.org">
   <ietf:e1 xml:lang="EN">
      <ietf:e11>
         <ietf:e111 />
      </ietf:e11>
      <ietf:e12 at="2">
         <ietf:e121 />
      </ietf:e12>
   </ietf:e1>
   <ietf:e2 >
      <ietf:e21 />
   </ietf:e2>
</ietf:Xmllang>

and an XPath expression of "ancestor-or-self::ietf:e1", the c14n representation
should be:

<ietf:e1 xmlns:ietf="http://www.ietf.org" xmlns:w3c="http://www.w3.org" xml:lang="EN">
      <ietf:e11>
         <ietf:e111></ietf:e111>
      </ietf:e11>
      <ietf:e12 at="2">
         <ietf:e121></ietf:e121>
      </ietf:e12>
   </ietf:e1>

However, the current behavior is:

<ietf:e1 xmlns:ietf="http://www.ietf.org" xmlns:w3c="http://www.w3.org" xml:lang="EN">
      <ietf:e11>
         <ietf:e111></ietf:e111>
      </ietf:e11>
      <ietf:e12 at="2" xml:lang="EN">
         <ietf:e121></ietf:e121>
      </ietf:e12>
   </ietf:e1>

Notice the xml:lang attribute in the "ietf:e12" element, which was incorrectly
copied from the parent.

The bug is in Canonicalizer20010315.java, in the XmlAttrStack.push() method:

--- Canonicalizer20010315.java  (revision 548379)
+++ Canonicalizer20010315.java  (working copy)
@@ -72,7 +72,7 @@
                if (currentLevel==-1)
                        return;
                cur=null;
-               while (lastlevel>currentLevel) {
+               while (lastlevel>=currentLevel) {
                        levels.remove(levels.size()-1);
                        if (levels.size()==0) {
                                lastlevel=0;
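
Review bot: with ">=" the loop at "while (lastlevel>=currentLevel)" is now entered when the two values are equal, and "levels.remove(levels.size()-1)" runs before the "levels.size()==0" check, so a call with currentLevel 0 right after the "lastlevel=0" reset would try to remove from an empty list. The early return in the visible lines filters only -1, so either confirm that levels start at 1 or test for an empty list in the loop condition. A one-line comment stating that a frame at the same depth belongs to a sibling, not an ancestor, would keep the comparison from being changed back, and the input and expected output in this report should go in as a regression test, since signed-subset digests depend on this output byte for byte.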

The bug is that the implementation was taking the previous sibling's attribute
context into account, which is not an ancestor, and thus the
attributes were being inherited incorrectly in some cases. The simple 
change above fixes that.
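
Added example (not part of the original report, and not the project's code): a simplified Java model of a depth-keyed attribute-context stack, replaying the start of the document above with the old and the patched comparison in push(), to show how a leftover sibling frame makes ietf:e12 look like an element whose parent was not output. The Frame and Node types, attrsToEmit(), run() and the depth numbers are assumptions made for illustration; only the loop in push() and the names levels, lastlevel, currentLevel and cur follow the patch.

```java
import java.util.*;
// Added illustration, not the project's code. Only push()'s loop follows the patch.
public class XmlAttrStackModel {
    record Node(String name, int level, String lang, boolean visible) {}
    static final class Frame {
        final int level; boolean rendered;
        final Map<String, String> attrs = new TreeMap<>();
        Frame(int level) { this.level = level; }
    }
    final List<Frame> levels = new ArrayList<>();
    int currentLevel = 0, lastlevel = 0; Frame cur;

    void push(int level, boolean fixed) {   // fixed selects the patched '>=' test
        currentLevel = level;
        while (!levels.isEmpty() && (fixed ? lastlevel >= currentLevel : lastlevel > currentLevel)) {
            levels.remove(levels.size() - 1);
            lastlevel = levels.isEmpty() ? 0 : levels.get(levels.size() - 1).level;
        }
        levels.add(cur = new Frame(level));
        lastlevel = level;
    }

    Map<String, String> attrsToEmit() {     // xml:* attributes for the current, visible element
        cur.rendered = true;
        Frame below = levels.size() > 1 ? levels.get(levels.size() - 2) : null;
        if (below != null && below.rendered && below.level + 1 == currentLevel)
            return cur.attrs;               // parent was output: nothing to inherit
        Map<String, String> merged = new TreeMap<>();
        for (Frame f : levels) merged.putAll(f.attrs);   // outermost first, nearest wins
        return merged;
    }

    // Constructed document-order walk of the report's input; visible = selected by the XPath.
    static Map<String, Map<String, String>> run(boolean fixed) {
        List<Node> walk = List.of(new Node("ietf:Xmllang", 1, null, false),
            new Node("ietf:e1", 2, "EN", true), new Node("ietf:e11", 3, null, true),
            new Node("ietf:e111", 4, null, true), new Node("ietf:e12", 3, null, true));
        XmlAttrStackModel s = new XmlAttrStackModel();
        Map<String, Map<String, String>> out = new LinkedHashMap<>();
        for (Node n : walk) {
            s.push(n.level(), fixed);
            if (n.lang() != null) s.cur.attrs.put("xml:lang", n.lang());
            if (n.visible()) out.put(n.name(), s.attrsToEmit());
        }
        return out;
    }
    public static void main(String[] args) {
        System.out.println("'>'  -> " + run(false) + "\n'>=' -> " + run(true));
    }
}
```

With the old comparison the frame for ietf:e11 is still on the stack when ietf:e12 is pushed, so the parent test fails and the xml:lang from ietf:e1 is merged in; with the patched comparison the sibling frame is popped first.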