JDK-6696582 : XMLDSig c14n implementation throws ArrayIndexOutOfBounds exc if element has more than 23 attributes
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.xml.crypto
  • Affected Version: 6
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: solaris_10
  • CPU: sparc
  • Submitted: 2008-05-01
  • Updated: 2012-10-24
  • Resolved: 2008-06-10
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
6u10 b26Fixed
If an element has more than 23 attributes, an xml signature over that element will fail to
validate. Instead an ArrayIndexOutOfBoundsException will be thrown. This is due to a bug
in the underlying Apache canonicalization implementaion. It has been fixed in later releases
of the Apache XMLSec libraries (1.4 and up), but JDK 6 is based on 1.3.1 and thus this bug
should be fixed/backported.

This was reported by a user who was trying to validate a signed ODT (Open Office) document. 
See the Java Forum for more information: http://forum.java.sun.com/thread.jspa?threadID=5271276

EVALUATION Yes, this is a bug. There is already a fix available in the Apache XMLSec implementation. See: https://issues.apache.org/bugzilla/show_bug.cgi?id=38655