Details
-
Bug
-
Status: Closed
-
Critical
-
Resolution: Fixed
-
None
-
None
-
Security Level: Public (Public issues, viewable by everyone)
-
None
-
Operating System: Windows XP
Platform: PC
-
41462
Description
Overview Description:
Implementation of c14n canonization method generates wrong canonical form of Xml
document with latin characters.
Steps to Reproduce:
Generate canonical form of Xml document witch contains latin characters using
Canonicalizer20010315OmitComments class and compare it with canonical form
generated with Stylus Studio 2007 or Microsoft.NET 2.0.
Actual Results:
Canonicalizer20010315OmitComments class generates canonical form of Xml document
with latin characters encoded in a wrong way.
The problem is caused by wrong recognition if character is represented with one
or many bytes in file "CanonicalizerBase.java" in method static final void
outputTextToWriter(final String text, final OutputStream writer) in line 829
("if ((c & 0x80) ==0)")
Example:
let c = 0x15B //(int)c gives 347, a character 'ś'
c & 0x80 == 0 is true so c is written to OutputStream as single byte 0x5B - '['
character (line 830).
As a result canonical form of input Xml document is generated in a wrong way.
Wrong canonical form causes interoperability problems in verifying digital
signature of files generated with libraries of other vendors.
Expected Results:
Xml security libraries for Apache should generate correct canonical form of Xml
documents which contains latin characters.
Attachments
Issue Links
- is duplicated by
-
SANTUARIO-123 Canonicalization failed with some latin2 characters
- Closed
-
SANTUARIO-109 UTF-encoding
- Closed