United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6696582 XMLDSig c14n implementation throws ArrayIndexOutOfBounds exc if element has more than 23 attributes
JDK-6696582 : XMLDSig c14n implementation throws ArrayIndexOutOfBounds exc if element has more than 23 attributes

Details
Type:
Bug
Submit Date:
2008-05-01
Status:
Resolved
Updated Date:
2012-10-24
Project Name:
JDK
Resolved Date:
2008-06-10
Component:
security-libs
OS:
solaris_10
Sub-Component:
javax.xml.crypto
CPU:
sparc
Priority:
P3
Resolution:
Fixed
Affected Versions:
6
Fixed Versions:
6u10 (b26)

Related Reports

Sub Tasks

Description
If an element has more than 23 attributes, an xml signature over that element will fail to
validate. Instead an ArrayIndexOutOfBoundsException will be thrown. This is due to a bug
in the underlying Apache canonicalization implementaion. It has been fixed in later releases
of the Apache XMLSec libraries (1.4 and up), but JDK 6 is based on 1.3.1 and thus this bug
should be fixed/backported.

This was reported by a user who was trying to validate a signed ODT (Open Office) document. 
See the Java Forum for more information: http://forum.java.sun.com/thread.jspa?threadID=5271276

                                    

Comments
EVALUATION

Yes, this is a bug. There is already a fix available in the Apache XMLSec implementation.
See: https://issues.apache.org/bugzilla/show_bug.cgi?id=38655
                                     
2008-05-23



Hardware and Software, Engineered to Work Together