Re: XML Security C++: Incomplete cleanup in XSECC14n20010315 destructor

2007-08-23 Thread Berin Lautenbach 
Hmm.  That's an interesting one.  Have you seen a case where the 
mp_attributes list is not already clear when the destructor is called?


I can see how it could occur if the canonicalisation gets interrupted in 
the midst of outputting Attribute nodes.  This fix would work nicely, 
and I think it should be safe as the code that normally cleans up 
ensures mp_attributes is NULL, so it won't get called unnecessarily.


Cheers,
Berin

Vitaly Prapirny wrote:

Hi!

XSECC14n20010315 destructor performs delete [] m_exclNSList[i] but
m_exclNSList items was allocated with strdup and must be released
with free(). And mp_attributes cleanup is absent in code. So I
propose this version of destructor:

XSECC14n20010315::~XSECC14n20010315() {

if (mp_formatter != NULL)
delete mp_formatter;

// Clear out the exclusive namespace list
int size = (int) m_exclNSList.size();

for (int i = 0; i < size; ++i) {

free(m_exclNSList[i]);

}

m_exclNSList.clear();

while (mp_attributes != NULL) {

mp_currentAttribute = mp_attributes->next;
delete mp_attributes;
mp_attributes = mp_currentAttribute;
}

mp_attributes = mp_currentAttribute = mp_firstNonNsAttribute = NULL;
}

Good luck!
Vitaly

Re: XML Security C++: Incomplete cleanup in XSECC14n20010315 destructor

2007-08-23 Thread Vitaly Prapirny 

Berin Lautenbach wrote:
Hmm.  That's an interesting one.  Have you seen a case where the 
mp_attributes list is not already clear when the destructor is called?


Yes. That is why this fix has been appeared. But I can't remember those
particular case for now, after almost three years :) Sorry for late
report.

I can see how it could occur if the canonicalisation gets interrupted in 
the midst of outputting Attribute nodes.  This fix would work nicely, 
and I think it should be safe as the code that normally cleans up 
ensures mp_attributes is NULL, so it won't get called unnecessarily.


I reached the same conclusion when focusing on this issue today.

Good luck!
Vitaly

DO NOT REPLY [Bug 43197] New: - Canonicalizer.canonicalizeSubtree(Node) omits namespaces for Documents created with DocumentBuilder.newDocument()

2007-08-23 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43197

   Summary: Canonicalizer.canonicalizeSubtree(Node) omits namespaces
for Documents created with DocumentBuilder.newDocument()
   Product: Security
   Version: unspecified
  Platform: PC
OS/Version: Linux
Status: NEW
  Severity: normal
  Priority: P2
 Component: Canonicalization
AssignedTo: security-dev@xml.apache.org
ReportedBy: [EMAIL PROTECTED]


The output of Canonicalizer.canonicalizeSubtree(Node) omits namespaces when a
Document is passed that was created from scratch, i.e. using
DocumentBuilder.newDocument() and appending children manually. This problem
doesn't occur when a Document is passed that was created by parsing, i.e. by
using DocumentBuilder.parse(...).

Reproducible under:
ibm-jdk-1.5.0.4
sun-jdk-1.5.0.12

Using XML-security from Subversion, revision 568937 (checked out on Aug 23, 
2007)

The following JUnit test reproduces the bug:

import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;

import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;

import junit.framework.TestCase;

import org.apache.xml.security.c14n.CanonicalizationException;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.c14n.InvalidCanonicalizerException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class CanonicalizationTestCase extends TestCase {
public void test() throws ParserConfigurationException, SAXException,
IOException, TransformerException, InvalidCanonicalizerException,
CanonicalizationException {
org.apache.xml.security.Init.init();
DocumentBuilderFactory _documentBuilderFactory = DocumentBuilderFactory
.newInstance();
_documentBuilderFactory.setNamespaceAware(true);
TransformerFactory _transformerFactory = TransformerFactory
.newInstance();
String dummyXML = "http://dummyNS\";>this is a child";
String dummyNS = "http://dummyNS";;
Document d1; // Document created from scratch
Document d2; // Document created by parsing
DocumentBuilder db1 = _documentBuilderFactory.newDocumentBuilder();
d1 = db1.newDocument();
Element dummyElement = d1.createElementNS(dummyNS, "dummy");
Element childElement = d1.createElementNS(dummyNS, "child");
childElement.setTextContent("this is a child");
dummyElement.appendChild(childElement);
d1.appendChild(dummyElement);
DocumentBuilder db2 = _documentBuilderFactory.newDocumentBuilder();
d2 = db2.parse(new InputSource(new StringReader(dummyXML)));

// compare documents by serializing them to a String
Transformer t = _transformerFactory.newTransformer();
t.setOutputProperty(OutputKeys.METHOD, "xml");
DOMSource source1 = new DOMSource(d1);
StringWriter sw1 = new StringWriter();
t.transform(source1, new StreamResult(sw1));
DOMSource source2 = new DOMSource(d2);
StringWriter sw2 = new StringWriter();
t.transform(source2, new StreamResult(sw2));
System.out.println(sw1.toString());
System.out.println(sw2.toString());
assertEquals(sw2.toString(), sw1.toString());

// compare canonicalizations
Canonicalizer c14n;
c14n = Canonicalizer
   .getInstance("http://www.w3.org/TR/2001/REC-xml-c14n-20010315";);
String output1 = new String(c14n.canonicalizeSubtree(d1));
String output2 = new String(c14n.canonicalizeSubtree(d2));
System.out.println(new String(output1));
System.out.println(new String(output2));
assertEquals(output2, output1);
}
}

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

RE: XML Security C++: Incomplete cleanup in XSECC14n20010315 destructor

2007-08-23 Thread Scott Cantor 
> I can see how it could occur if the canonicalisation gets interrupted in
> the midst of outputting Attribute nodes.  This fix would work nicely,
> and I think it should be safe as the code that normally cleans up
> ensures mp_attributes is NULL, so it won't get called unnecessarily.

Ok, I checked this in also.

I will scan the bugzilla, as well, but anybody willing to check out the
trunk and build it on their favorite OS, particular with Xalan and/or the
NSS support would be appreciated.

-- Scott