[xmlsec] XPath/XPathFilter2 evaluation bug

Aleksey Sanin aleksey at aleksey.com
Thu Nov 3 14:04:10 PDT 2011


Hi Steingart,

Thanks a lot for the bug report and analysis! This is indeed a change
in recent libxml2 versions. Unfortunately, there are a couple other
places where we rely on NULL nodeset to be "all" so I implemented
a slightly different version of your patch:

http://git.gnome.org/browse/xmlsec/commit/?id=d081286fdaf5718eab01013a47fc76539925397d

Best,

Aleksey

On 11/2/11 1:55 AM, Steingart Ferenc wrote:
> Hi,
> I think I have found a bug in XPath/Xpath-Filter2 reference evaluation.
> The bug is reproducible with the xmlsec command line utility, using the
> attached input files.
> The problem is that the whole document is included in the reference digest.
>
> The command line:
> xmlsec1 --sign --store-references --print-debug --id-attr:id
> "urn:test.global":ToBeSigned --privkey-pem signkey.pem --pubkey-cert-pem
> signcert.crt tobesigned.xml
>
> After some debugging sessions I found that the problem arises when the
> libxml2 xpath evaluation returns an empty nodeset in the form: the
> xmlXPathObject's type is XPATH_NODESET and the nodesetval pointer is
> NULL. (Sometimes empty nodesets are returned with a non-null nodesetval
> pointer, but nodesetval->nodeNr=0)
> I have managed to correct the handling of such empty nodesets by two
> small modifications:
> in nodeset.c: in function xmlSecNodeSetOneContains the default value of
> the variable int in_nodes_set has to be set to 0:
> -------------------
> xmlSecNodeSetOneContains(xmlSecNodeSetPtr nset, xmlNodePtr node,
>                          xmlNodePtr parent) {
>     int in_nodes_set = 0;
>     ...
> -------------------
> By this NULL nodes pointers in xmlSecNodeSet nodesets are handled
> correctly. But this raises another problem: when using an xpointer in
> the corresponding reference,
> the initial xmlSecNodeSetPtr nodeset's nodes pointer is set to NULL,
> with type xmlSecNodeSetNormal. This defines an empty nodeset, so the
> initial nodeset has to be changed.
> In transforms.c, in function xmlSecTransformCtxExecute, it has to be created
> with type xmlSecNodeSetInvert instead of xmlSecNodeSetNormal, which
> means the whole document:
> -------------------
> xmlSecTransformCtxExecute(xmlSecTransformCtxPtr ctx, xmlDocPtr doc) {
>     int ret;
>
>     xmlSecAssert2(ctx != NULL, -1);
>     xmlSecAssert2(ctx->result == NULL, -1);
>     xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, -1);
>     xmlSecAssert2(doc != NULL, -1);
>
>     if((ctx->uri == NULL) || (xmlStrlen(ctx->uri) == 0)) {
>         xmlSecNodeSetPtr nodes;
>
>         if((ctx->xptrExpr != NULL) && (xmlStrlen(ctx->xptrExpr) > 0)){
>             /* our xpointer transform takes care of providing correct nodes set */
>             nodes = xmlSecNodeSetCreate(doc, NULL, xmlSecNodeSetInvert);
>             ...
> -------------------
> This way xpath evaluation seems correct. Of course my modifications
> require more evaluation.
>
> Steingart Ferenc
>
> developer, program designer mathematician
> Tel: 06 1 345 7974
> Email: steingart.ferenc at cardinal.hu
> Web: http://www.cardinal.hu

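Added example, not part of the original thread and not xmlsec or libxml2 code: a simplified model of the membership check discussed above, showing how the default for a NULL node list decides whether an empty XPath result digests nothing or the whole document. The `toy_*` names, the integer node ids and the 4-node document are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy stand-ins (hypothetical, not the real xmlsec/libxml2 types). */
typedef enum { SET_NORMAL, SET_INVERT } set_type;

typedef struct {
    const int *nodes;  /* NULL models an XPath result whose nodesetval is NULL */
    size_t     count;  /* number of entries when nodes != NULL */
    set_type   type;
} toy_nodeset;

/* default_when_null = 1: a NULL list is read as "all nodes" (the reported behaviour).
 * default_when_null = 0: a NULL list is read as "no nodes" (the reporter's proposal). */
static int toy_contains(const toy_nodeset *s, int node, int default_when_null) {
    int in_nodes_set = default_when_null;
    if (s->nodes != NULL) {
        in_nodes_set = 0;
        for (size_t i = 0; i < s->count; i++)
            if (s->nodes[i] == node) { in_nodes_set = 1; break; }
    }
    return (s->type == SET_INVERT) ? !in_nodes_set : in_nodes_set;
}

/* Count how many document nodes (ids 0..doc_nodes-1) would reach the digest. */
static size_t toy_digested(const toy_nodeset *s, size_t doc_nodes, int default_when_null) {
    size_t n = 0;
    for (size_t id = 0; id < doc_nodes; id++)
        n += (size_t)toy_contains(s, (int)id, default_when_null);
    return n;
}

/* Constructed cases for a 4-node document. */
static const int no_ids[1] = {0};
static const toy_nodeset empty_null    = { NULL,   0, SET_NORMAL }; /* nodesetval == NULL */
static const toy_nodeset empty_nonnull = { no_ids, 0, SET_NORMAL }; /* nodeNr == 0 */
static const toy_nodeset invert_null   = { NULL,   0, SET_INVERT }; /* proposed initial set */

int main(void) {
    printf("empty (NULL),     default=1: %zu of 4 nodes\n", toy_digested(&empty_null, 4, 1));
    printf("empty (NULL),     default=0: %zu of 4 nodes\n", toy_digested(&empty_null, 4, 0));
    printf("empty (non-NULL), default=1: %zu of 4 nodes\n", toy_digested(&empty_nonnull, 4, 1));
    printf("invert + NULL,    default=0: %zu of 4 nodes\n", toy_digested(&invert_null, 4, 0));
    return 0;
}
```

With the default at 0, a normal set with a NULL list is empty, which is why the report also switches the initial XPointer node set to the inverted type.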
