[xmlsec] exclusive canonicalization problem - multiple namespace declaration

Tomas Sieger tomas.sieger at systinet.com
Tue Apr 20 02:18:43 PDT 2004


Thanks Aleksey,
  I patched xmlSec sources, but the problem still persists.

I'm sending some more info, if you like:

1) a stupid patch against xmlSec c14n.c - you need not apply it, it 
is just to illustrate where I'm gathering my debug files :-)

2) debug files gathered using my debugs in (1) (and pretty-formatted):

INPUT_c14n.xml - input msg to c14n processing

OUTPUT_BAD_c14n.xml - output msg from c14n processing (bad output shown) 
- this is the case when I just run my test (using patched xmlSec)

OUTPUT_OK_c14n.xml - output msg from c14n processing (good output shown) 
- see below for info how I got it

3) running my test and setting breakpoint in xmlSec: nodeset.c: 153
the contexts the test stops in are:

    parent: XML_ELEMENT_NODE "Body"
    node: XML_NAMESPACE_DECL "http://schemas.xmlsoap.org/soap/envelope/"
  (gdb) c

    parent: XML_ELEMENT_NODE "Ping"
    node: XML_NAMESPACE_DECL "http://xmlsoap.org/Ping"
  (gdb) c

    parent: XML_ELEMENT_NODE "text"
    node: XML_NAMESPACE_DECL "http://xmlsoap.org/Ping"
  (gdb) c

    parent: XML_ELEMENT_NODE "Ping"
    node: XML_NAMESPACE_DECL "http://xmlsoap.org/Ping"
  (gdb) c

    parent: XML_ATTRIBUTE_NODE "type"
    node: XML_NAMESPACE_DECL "http://www.w3.org/2001/XMLSchema-instance"

now, your patch is executed:
  (gdb) n
    154                     ns.next = (xmlNsPtr)parent->parent;

however, the nodeset does not contain the namespace 
"http://www.w3.org/2001/XMLSchema-instance":

  (gdb) p *nset->nodes
   $23 = {nodeNr = 1, nodeMax = 10, nodeTab = 0x81d7ee0}
  (gdb) p *nset->nodes->nodeTab[0]
   $24 = {_private = 0x0, type = XML_ELEMENT_NODE, name = 0x81d4110 "Body", children = 0x81d4230, last = 0x81d4230,
   parent = 0x81d3f28, next = 0x0, prev = 0x81d10c0, doc = 0x81d3e58, ns = 0x81d3f78, content = 0x0,
   properties = 0x81d3428, nsDef = 0x81d33a0, psvi = 0x0, line = 0, extra = 0}

so:

  (gdb) p in_nodes_set
  $25 = 0

so the namespace still gets rendered at the <text> element

Then, I tried to manually override the 'in_nodes_set': set it to 1. In 
this case, the namespace "http://www.w3.org/2001/XMLSchema-instance" 
does not get rendered at the <text> element (see OUTPUT_OK_c14n.xml).

best regards,
  Tomas

Aleksey Sanin wrote:
> Tomas,
> 
> I checked in the patches for both LibXML2 and XMLSec. As I wrote
> in LibXML2 the patch does not touch the core library but the C14N
> test program. On xmlsec side, it is a patch in the core library.
> 
> I would appreciate if you can either apply the xmlsec patch attached
> to my previous message or get fresh xmlsec sources from CVS and try
> this patch with your examples.
> 
> Thanks,
> Aleksey
> 
> Aleksey Sanin wrote:
> 
>> It is a problem on both sides. The LibXML2 namespaces are a little
>> bit tricky and c14n code had a problem with understanding that attribute
>> namespace is the same as the namespace declaration in the node.
>>
>> The patches for both libxml2 and xmlsec are attached (the libxml2 patch
>> fixes the testC14N test utility and does not change the core libxml2
>> functionality thus it is optional). I did a quick test and it seems
>> to be working fine but I will not be able to fully test and check in
>> these patches till next week.

-------------- next part --------------
--- c14n.c.orig	Fri Aug 22 19:11:14 2003
+++ c14n.c	Tue Apr 20 09:41:28 2004
@@ -422,6 +422,22 @@
 			(xmlC14NIsVisibleCallback)xmlSecNodeSetContains, 
 			nodes, 0, NULL, 1, buf); 
     } else if(id == xmlSecTransformExclC14NId) {
+        //TS:todo:
+        static char fn[100]="c14n_a.xml";
+        FILE *f;
+        if (fn[5]<'z') fn[5]++;
+        xmlSaveFormatFile(fn,nodes->doc,1);
+        if (fn[5]<'z') fn[5]++;
+        f=fopen(fn,"wt");
+        if (f) {
+            xmlOutputBufferPtr b=xmlOutputBufferCreateFile(f,NULL);
+            xmlC14NExecute(nodes->doc,
+                           (xmlC14NIsVisibleCallback)xmlSecNodeSetContains,
+                           nodes, 1, nsList, 0, b);
+            fclose(f);
+        }
+
+
 	ret = xmlC14NExecute(nodes->doc, 
 			(xmlC14NIsVisibleCallback)xmlSecNodeSetContains, 
 			nodes, 1, nsList, 0, buf);
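Review bot: the debug dump added under the `xmlSecTransformExclC14NId` branch runs unconditionally and writes the whole document plus its canonical form to predictable names in the current working directory, so even as a temporary aid it belongs behind a compile-time debug guard. Within the block, `b` from `xmlOutputBufferCreateFile(f,NULL)` is never released before `fclose(f)`; call `xmlOutputBufferClose(b)` first so the buffer does not leak on every transform. The return values of `xmlSaveFormatFile` and of the extra `xmlC14NExecute` call are ignored, so a failed dump is indistinguishable from an empty one. The `static char fn[100]` counter is shared state that is not safe across threads, and once `fn[5]` reaches `'z'` both writes target the same file, so later dumps overwrite each other and the input and output snapshots can no longer be paired. The `//TS:todo:` comment and the space-indented lines also differ from the tab-indented C around them.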
-------------- next part --------------
A non-text attachment was scrubbed...
Name: INPUT_c14n.xml
Type: text/xml
Size: 4357 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20040420/9949f9f1/INPUT_c14n.xml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OUTPUT_BAD_c14n.xml
Type: text/xml
Size: 465 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20040420/9949f9f1/OUTPUT_BAD_c14n.xml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OUTPUT_OK_c14n.xml
Type: text/xml
Size: 411 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20040420/9949f9f1/OUTPUT_OK_c14n.xml

