OpenJDK / jdk / hs
changeset 23930:0e5983df5018
8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String
Reviewed-by: xuelei
| author | mullan |
|---|---|
| date | Wed, 16 Apr 2014 09:46:49 -0400 |
| parents | c2b6216ef41d |
| children | 7b24912f728f |
| files | jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java jdk/test/javax/xml/crypto/dsig/GenerationTests.java |
| diffstat | 2 files changed, 29 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java Thu Apr 10 13:19:29 2014 -0700 +++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java Wed Apr 16 09:46:49 2014 -0400 @@ -922,7 +922,7 @@ Element foundElement = null; String id = value.trim(); - if (id.charAt(0) == '#') { + if (!id.isEmpty() && id.charAt(0) == '#') { id = id.substring(1); } @@ -982,7 +982,7 @@ Node processedNode = null; String id = value.trim(); - if (id.charAt(0) == '#') { + if (!id.isEmpty() && id.charAt(0) == '#') { id = id.substring(1); }
--- a/jdk/test/javax/xml/crypto/dsig/GenerationTests.java Thu Apr 10 13:19:29 2014 -0700 +++ b/jdk/test/javax/xml/crypto/dsig/GenerationTests.java Wed Apr 16 09:46:49 2014 -0400 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,7 @@ /** * @test - * @bug 4635230 6283345 6303830 6824440 6867348 7094155 + * @bug 4635230 6283345 6303830 6824440 6867348 7094155 8038184 * @summary Basic unit tests for generating XML Signatures with JSR 105 * @compile -XDignore.symbol.file KeySelectors.java SignatureValidator.java * X509KeySelector.java GenerationTests.java @@ -135,6 +135,7 @@ test_create_signature_enveloping_sha512_rsa_sha512(); test_create_signature_reference_dependency(); test_create_signature_with_attr_in_no_namespace(); + test_create_signature_with_empty_id(); } private static void setup() throws Exception { @@ -509,6 +510,30 @@ System.out.println(); } + static void test_create_signature_with_empty_id() throws Exception { + System.out.println("* Generating signature-with-empty-id.xml"); + + // create references + List<Reference> refs = Collections.singletonList + (fac.newReference("#", sha1)); + + // create SignedInfo + SignedInfo si = fac.newSignedInfo(withoutComments, rsaSha1, refs); + + // create object with empty id + Document doc = db.newDocument(); + XMLObject obj = fac.newXMLObject(Collections.singletonList + (new DOMStructure(doc.createTextNode("I am the text."))), + "", "text/plain", null); + + // create XMLSignature + XMLSignature sig = fac.newXMLSignature(si, rsa, + Collections.singletonList(obj), + "signature", null); + DOMSignContext dsc = new DOMSignContext(getPrivateKey("RSA"), doc); + sig.sign(dsc); + } + static void test_create_signature() throws Exception { System.out.println("* Generating signature.xml");