santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 33936] New: - XMLSignatureInput.updateOutputStream should not call reset on the inputstream
Date Wed, 09 Mar 2005 18:30:06 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=33936>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=33936

           Summary: XMLSignatureInput.updateOutputStream should not call
                    reset on the inputstream
           Product: Security
           Version: unspecified
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Signature
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: rwong@ariba.com


This is for xmlsec version 1.2 Java. 

The defect is found in the reported configuration, but it should be a general 
defect across all platforms, all OS.

The input stream is returned by instances of 
org.apache.xml.security.utils.resolver.ResourceResolver. 
XMLSignatureInput.upateOutputStream calls the reset method here:

          } else {
            InputStream is = this._inputOctetStreamProxy;
            if (is.markSupported())
                is.reset();
                int num;
                bytes = new byte[1024];
                while ((num=is.read(bytes))>0) {
                	diOs.write(bytes,0,num);
                }
                
          }

Here's the problem:

For implementations of the resolve method where the input stream supports the 
mark operation, the implmentations may not have called the mark method before 
returning. And some implementation of InputStream can throw an IOException if 
the mark method is NOT called before the reset method is called. (An example is 
java.io.BufferedInputStream.) In this case, 
XMLSignatureInput.updateOutputStream throws an IOException, when in fact it 
could get the input stream data by simply reading the input stream. As a 
result, even though my implementation is passing in a valid InputStream, the 
core code throws an IOException when calling the reset method, and mistakenly 
thinks that my XMLSignatureInput instance is not available.

The workaround is for the implementation to make sure mark is called before 
returning the input stream.

But I think the design should be as follows:
The XMLSignatureInput class has no business of resetting the input stream 
becaus it does not if the input stream has been marked or not. The 
implementation of the resolve method should handle all the business of marking 
and resetting the input stream where appropriate.

The contract for the resolve call should be such that the implementation 
returns an XMLSignatureInput which contains a reference to the input stream 
which is ready to be consumed by the core code at whatever the current position 
in the input stream. The implementation can choose to always return a 
XMLSignatureInput that always references a new InputStream instance (in which 
case no mark or reset needs to be called), or the implementing class can choose 
to cache the input stream, mark it, and then calls reset every time the resolve 
method is called.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Mime
View raw message