[xmlsec] exclusive canonicalization problem - multiple namespace declaration

Tomas Sieger tomas.sieger at systinet.com
Tue Apr 13 11:21:47 PDT 2004

  I'm experiencing a problem executing an exclusive XML
canonicalization. The canonicalization declares the same
namespace for two times at two elements in parent-child
relation. Consider the following example:

  1   <SOAP-ENV:Body
  2       xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
  3       <ns0:Ping
  4           xmlns:ns0="http://xmlsoap.org/Ping"
  5           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  6           xsi:type="ns0:ping">
  7           <ns0:text
  8               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  9               xsi:type="xsd:string">Hello.</ns0:text>
10       </ns0:Ping>
11   </SOAP-ENV:Body>

Here, at line 8, the `xsi' namespace is re-declared even it is
already declared at line 5.

Looking in sources I found a strange thing in libxml2
sources, c14n.c, line 404 (in version 2.6.8, and in the
snapshot ftp://xmlsoft.org/cvs-snapshot.tar.gz too
(unfortunately, the CVS server seems to be down
so I was unable to consult the current source)).

The problem is in xmlExcC14NVisibleNsStackFind() function.
There is a return statement in the function:

    return (xmlC14NIsVisible(ctx, ns1, cur->nodeTab[i]));

The "xmlC14NIsVisible" is a macro defined at line 115+:

#define 	xmlC14NIsVisible( ctx, node, parent ) \
      (((ctx)->is_visible_callback != NULL) ? \
	(ctx)->is_visible_callback((ctx)->user_data, \
		(xmlNodePtr)(node), (xmlNodePtr)(parent)) : 1)

Maybe I'm missing something, but still: why the `ns1' and
`cur->nodeTab[i]' (which are of types xmlNsPtr) get cast to
xmlNodePtr and get passed as parameters to
`is_visible_callback'?! I guess xmlSecNodeSetContains() (the
callback target in case the c14n is called from xmlSec) does
not expect pointers to namespaces :-).

It seems this is the root of my problem - the 
xmlExcC14NVisibleNsStackFind() function returns 0 (meaning
the `xsi' namespace is not already declared), so the namespace
gets declared again.

thanks in advance for any comments

More information about the xmlsec mailing list