Affects Version/s: None
Fix Version/s: None
Security Level: Public (Public issues, viewable by everyone)
Environment: Operating System: Windows XP
The implementation of the c14n canonicalization method generates a wrong canonical form of an XML
document with Latin characters.
Steps to Reproduce:
Generate the canonical form of an XML document which contains Latin characters using
the Canonicalizer20010315OmitComments class and compare it with the canonical form
generated with Stylus Studio 2007 or Microsoft .NET 2.0.
The Canonicalizer20010315OmitComments class generates a canonical form of the XML document
in which the Latin characters are encoded in a wrong way.
The problem is caused by wrong recognition of whether a character is represented with one
or many bytes, in file "CanonicalizerBase.java", in method static final void
outputTextToWriter(final String text, final OutputStream writer), in line 829
("if ((c & 0x80) ==0)").
Let c = 0x15B ((int) c gives 347, the character 'ś').
(c & 0x80) == 0 is true, so c is written to the OutputStream as the single byte 0x5B, the '['
character (line 830).
As a result, the canonical form of the input XML document is generated in a wrong way.
A wrong canonical form causes interoperability problems when verifying digital
signatures of files generated with libraries of other vendors.
The XML security libraries for Apache should generate the correct canonical form of XML
documents which contain Latin characters.
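The following is an added example, not code from the project: it applies the test quoted in the report, `(c & 0x80) == 0`, and a range test `c < 0x80` to the same text and compares both outputs with the JDK's UTF-8 encoding. The class and method names (`C14nUtf8Check`, `reportedTest`, `rangeTest`, `encode`) are hypothetical, the sample document is constructed, and the range test is one possible correction, not the project's actual fix.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class C14nUtf8Check {
    // Test quoted in the report: only bit 7 is inspected, so U+015B passes as single-byte.
    static boolean reportedTest(int c) { return (c & 0x80) == 0; }
    // Range test (assumed correction): only U+0000..U+007F occupy one byte in UTF-8.
    static boolean rangeTest(int c) { return c < 0x80; }

    // Hypothetical UTF-8 encoder; 'reported' selects which single-byte test is applied.
    static byte[] encode(String text, boolean reported) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int i = 0; i < text.length(); ) {
            int c = text.codePointAt(i);
            i += Character.charCount(c);
            if (reported ? reportedTest(c) : rangeTest(c)) {
                out.write(c); // write(int) keeps only the low 8 bits: 0x15B becomes 0x5B
            } else if (c < 0x800) {
                out.write(0xC0 | (c >> 6));
                out.write(0x80 | (c & 0x3F));
            } else if (c < 0x10000) {
                out.write(0xE0 | (c >> 12));
                out.write(0x80 | ((c >> 6) & 0x3F));
                out.write(0x80 | (c & 0x3F));
            } else {
                out.write(0xF0 | (c >> 18));
                out.write(0x80 | ((c >> 12) & 0x3F));
                out.write(0x80 | ((c >> 6) & 0x3F));
                out.write(0x80 | (c & 0x3F));
            }
        }
        return out.toByteArray();
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02X ", b & 0xFF));
        return sb.toString().trim();
    }

    public static void main(String[] args) {
        String xml = "<a>\u015B</a>"; // constructed sample containing the character 'ś'
        byte[] reference = xml.getBytes(StandardCharsets.UTF_8);
        for (boolean reported : new boolean[] {true, false}) {
            byte[] got = encode(xml, reported);
            System.out.println((reported ? "reported test: " : "range test:    ") + hex(got)
                + "  matches UTF-8: " + Arrays.equals(got, reference));
        }
    }
}
```

Any digest computed over the first output differs from the one computed by an implementation that emits correct UTF-8, which is why signatures fail to verify across vendors.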