Uploaded image for project: 'Santuario'
  1. Santuario
  2. SANTUARIO-513

Better Signature syntax enforcement

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: C++ 2.0.0, C++ 2.0.1, C++ 2.0.2
    • Fix Version/s: None
    • Component/s: C++
    • Labels:
      None

      Description

      There's a bug in the Signature load routine that relates to a commented out check that was failing the load when unknown content appeared at the end of a Signature element.

      The code was unwisely changed to permit "non-conformant signatures", which is an absolutely indefensible decision. This is how you get security bugs. Non-conformant signatures can go right to hell.

      Adding an option to control this behavior is the absolute minimum we should do, but the default should be strict, and the rest of the load methods should be reviewed for any similar permissiveness.

        Attachments

          Activity

            People

            • Assignee:
              scantor Scott Cantor
              Reporter:
              scantor Scott Cantor
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: