  1. Santuario
  2. SANTUARIO-299

StringIndexOutOfBoundsException is thrown during reference verification (if URI = "#")

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: Java 1.4.6, Java 1.5
    • Fix Version/s: Java 1.4.7, Java 1.5.1
    • Component/s: Java
    • Security Level: Public (Public issues, viewable by everyone)
    • Labels:
      None

      Description

      StringIndexOutOfBoundsException is thrown during reference verification (if Reference contains URI = "#"):

      java.lang.StringIndexOutOfBoundsException: String index out of range: 1
      at java.lang.String.charAt(String.java:686)
      at org.apache.xml.security.utils.resolver.implementations.ResolverFragment.engineCanResolve(ResolverFragment.java:133)
      at org.apache.xml.security.utils.resolver.ResourceResolver.canResolve(ResourceResolver.java:338)
      at org.apache.xml.security.utils.resolver.ResourceResolver.getInstance(ResourceResolver.java:107)
      at org.apache.xml.security.utils.resolver.ResourceResolver.getInstance(ResourceResolver.java:183)
      at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Reference.java:417)
      at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Reference.java:614)
      at org.apache.xml.security.signature.Reference.calculateDigest(Reference.java:705)
      at org.apache.xml.security.signature.Reference.verify(Reference.java:761)
      at org.apache.xml.security.signature.Manifest.verifyReferences(Manifest.java:336)
      at org.apache.xml.security.signature.Manifest.verifyReferences(Manifest.java:281)

      Method org.apache.xml.security.utils.resolver.implementations.ResolverFragment.engineCanResolve(...) code:

      if (uriNodeValue.equals("") ||
          ((uriNodeValue.charAt(0) == '#')
           && !((uriNodeValue.charAt(1) == 'x') && uriNodeValue.startsWith("#xpointer(")))
      ) {
          if (log.isDebugEnabled()) {
              log.debug("State I can resolve reference: \"" + uriNodeValue + "\"");
          }
          return true;
      }
      is unsafe, since charAt(1) may not exist.

            People

            • Assignee: Colm O hEigeartaigh (coheigea)
            • Reporter: Adomas Birstunas (adomas)