[xmlsec] Ouch -- xpath again -- a bug this time, I think

Moultrie, Ferrell (ISSAtlanta) FMoultrie at iss.net
Wed Aug 28 21:12:05 PDT 2002

  I've validated a bunch of signatures with 0.0.8 and that's working
well. However, I've found one signature that won't validate -- it
appears to be an xpath failure -- xpath is selecting the wrong data. I
can make a 1-character change *outside* of the data being signed (as
verified by the buffer output from xmlsec) and make it work/fail -- and
it makes no sense what so ever. 
  The attached files differ by only one character -- a newline at the
end of the node being signed (but *after* the closing tag). If the
newline is present, the xpath transform fails with:
.c:1441): error 34: invalid reference :
If the newline is absent, the xpath transform works (as do all the
others I've tried). 
  Running a very simple xmlsec command will show the good and bad
   xmlsec verify --print-all dereg1.xml  <<bad>>
   xmlsec verify --print-all dereg2.xml  <<good>>
I've stepped through a bunch of the code looking for what's going on but
I obviously don't understand the code well enough yet to know more than
that the transform is returning the wrong data (an xml subset of the
correct data). If you can figure out what's going on here it would
greatly improve my life -- this has been a wild ride today!

Ferrell Moultrie (ferrell at iss.net)
Software Engineer

Internet Security Systems, Inc.
6303 Barfield Road
Atlanta, Georgia 30328
Phone:  404-236-2600
Direct: 404-236-2849
Fax:    404-236-2632

Internet Security Systems -- The Power to Protect
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dereg2.xml
Type: text/xml
Size: 2005 bytes
Desc: dereg2.xml
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20020829/ad32538a/dereg2.xml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dereg1.xml
Type: text/xml
Size: 2007 bytes
Desc: dereg1.xml
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20020829/ad32538a/dereg1.xml

More information about the xmlsec mailing list