[xml] Re: [xmlsec] exc c14n w/o comments bug

Hi, Tomas!

Yes, you are right it is a bug and with the same roots: the namespace
declaration in the element is different from the attribute namespace.

I am really sorry that I did not get to this problem. I just have
no time left these days. But I have it on my "todo" list and I will
look at it as soon as I can.

Sorry for inconvenience,

Tomas Sieger wrote:
I found another "mutation" of the bug I already reported several weeks ago: multiple namespace declaration in the output of the exclusive c14n w/o comments.

This time, the bug is really serious. Even libxml2 can't parse its own output :-))).

You can reproduce the bug using the attached files.


  ./testC14N --exc-without-comments b.xml b.xpath

I can see this output:

xmlns:i="http://www.w3.org/2001/XMLSchema-instance"; xmlns:i="http://www.w3.org/2001/XMLSchema-instance"; xmlns:wn0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:wn1="http://xmlsoap.org/Ping"; wn0:Id="Id-Ticket1" i:nil="true" i:type="wn1:ticketType"></wn1:ticket>

Note the "i" namespace is declared for two times!



<?xml version="1.0" encoding="UTF-8"?>
<e:Envelope xmlns:d="http://www.w3.org/2001/XMLSchema"; xmlns:e="http://schemas.xmlsoap.org/soap/envelope/"; 
xmlns:wn0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:wn1="http://xmlsoap.org/Ping";>
  <e:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; 
    <wn1:Ping i:type="wn1:ping">
      <wn1:ticket wn0:Id="Id-Ticket1" i:nil="true" i:type="wn1:ticketType"/>
      <wn1:text i:type="d:string">Systinet - Scenario #5</wn1:text>


<XPath xmlns:wn1="http://xmlsoap.org/Ping";>
(//. | //@* | //namespace::*)[ancestor-or-self::wn1:ticket]

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]