[prev in list] [next in list] [prev in thread] [next in thread] 

List:       xml-security-dev
Subject:    DO NOT REPLY [Bug 45475] New: XMLSignature::
From:       bugzilla () apache ! org
Date:       2008-07-24 11:37:03
Message-ID: bug-45475-6260 () https ! issues ! apache ! org/bugzilla/
[Download RAW message or body]

https://issues.apache.org/bugzilla/show_bug.cgi?id=45475

           Summary: XMLSignature::getKeyInfo method modifies document
           Product: Security
           Version: unspecified
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: critical
          Priority: P2
         Component: Signature
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: byby123452000@yahoo.com


The org.w3c.com.document that is assigned to an XMLSignature object through the
document's signature element

Document doc=..;
Element sigElement = doc.get...;

XMLSignature signature = new XMLSignature(sigElement, null);

signature.getKeyInfo();

-> original document is modified

That seems to happen, if no Key Information is present in the signature
Element.

Result: document is modified, future verification fails (e.g. with another
signature Element).

Happens with xml-sec 1.4.2, java version

xml-sec 1.4.0 did not contain this bug.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[prev in list] [next in list] [prev in thread] [next in thread]