santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Mullan <Sean.Mul...@Sun.COM>
Subject Re: Cannot reproduce #41462 (canonicalization issue with non-ascii chars)
Date Wed, 05 Dec 2007 22:06:58 GMT
Rafael wrote:
> Hi,
> 
> Our software is using xmlsec-1.4.1. However, we are very interested on
> reproducing that canonicalization issue that showed up in 1.4.0 by replacing
> 1.4.1 with 1.4.0 in our software and testing.
> After a quick look into the bug description and the CanonicalizerBase.java file,
> we expected the issue to manifest when signing a xml piece of data that is
> containing a CDATA section with scandinavian characters. For instance:
> 
> <script>
> <![CDATA[
> function matchwo(a,b)
> {
> if (a < b && a < 0) then
> {
> //öäå
> return 1
> }
> else
> {
> //ÖÄÅ
> return 0
> }
> }
> ]]>
> </script>
> 
> In our tests, we send such a xml block to a servlet which will try to sign it.
> But we are unable to find any problems, i.e, the signatures created with both
> 1.4.1 and 1.4.0 are the same.
> 
> Could anyone give us some indication?

I was not involved in fixing this bug, but I suggest you have a look at 
the unit test that was written and this may give you a better idea how 
to reproduce it:

src_unitTests/org/apache/xml/security/c14n/implementations/UtfHelperTest.java

--Sean



Mime
View raw message