JDK-6696582 : XMLDSig c14n implementation throws ArrayIndexOutOfBounds exc if element has more than 23 attributes
- Type: Bug
- Component: security-libs
- Sub-Component: javax.xml.crypto
- Affected Version: 6
- Priority: P3
- Status: Resolved
- Resolution: Fixed
- OS: solaris_10
- CPU: sparc
- Submitted: 2008-05-01
- Updated: 2012-10-24
- Resolved: 2008-06-10
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 6 |
|---|
6u10 b26Fixed  |
Description
If an element has more than 23 attributes, an xml signature over that element will fail to validate. Instead an ArrayIndexOutOfBoundsException will be thrown. This is due to a bug in the underlying Apache canonicalization implementaion. It has been fixed in later releases of the Apache XMLSec libraries (1.4 and up), but JDK 6 is based on 1.3.1 and thus this bug should be fixed/backported. This was reported by a user who was trying to validate a signed ODT (Open Office) document. See the Java Forum for more information: http://forum.java.sun.com/thread.jspa?threadID=5271276
Comments
|