Bug 46681 - Erroneous check for reference equality to compare two Strings
Status: RESOLVED DUPLICATE of bug 40897
Alias: None
Product: Security - Now in JIRA
Classification: Unclassified
Component: Canonicalization
Version: unspecified
Hardware: PC Windows XP
Importance: P2 normal
Target Milestone: ---
Assignee: XML Security Developers Mailing List
Depends on:
Reported: 2009-02-09 08:50 UTC by Jason Halpin
Modified: 2010-10-16 06:56 UTC

Description Jason Halpin 2009-02-09 08:50:58 UTC
When using a DOM model which doesn't return an interned String for the default namespace uri in Attr.getNamespaceURI(), the following line fails in org.apache.xml.security.c14n.implementations.Canonicalizer20010315Excl.handleAttributesSubtree():

if (XMLNS_URI!=N.getNamespaceURI()) {

This allows extraneous namespace declarations to fall thru canonicalization on certain DOM implementations.

I don't think there's any requirement that the namespace URI that's returned should be the same reference as the literal string it's being compared against here.

Should be:

if (!XMLNS_URI.equals(N.getNamespaceURI())) {
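
The comparison described in the report, as an added example that is not part of the original bug report or of the Apache XML Security code base. The `Attr` record and both filter methods are hypothetical stand-ins for the DOM attribute and the canonicalizer's check, and `new String(...)` simulates a DOM implementation that returns a non-interned namespace URI.

```java
import java.util.ArrayList;
import java.util.List;

public class XmlnsCompareDemo {
    // Same value as the constant the report compares against.
    static final String XMLNS_URI = "http://www.w3.org/2000/xmlns/";

    // Hypothetical stand-in for org.w3c.dom.Attr (Java 16+ record):
    // only the two properties the check needs.
    record Attr(String name, String namespaceURI) {}

    // Reference comparison, as in the reported line: an attribute is treated
    // as an ordinary attribute unless its URI is the very same String object.
    static List<String> ordinaryByReference(List<Attr> attrs) {
        List<String> out = new ArrayList<>();
        for (Attr n : attrs) {
            if (XMLNS_URI != n.namespaceURI()) {
                out.add(n.name());
            }
        }
        return out;
    }

    // Value comparison, as proposed in the report. Calling equals() on the
    // constant also handles a null namespace URI without throwing.
    static List<String> ordinaryByValue(List<Attr> attrs) {
        List<String> out = new ArrayList<>();
        for (Attr n : attrs) {
            if (!XMLNS_URI.equals(n.namespaceURI())) {
                out.add(n.name());
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed input: same characters as XMLNS_URI, different object,
        // which is what a DOM that does not intern its URIs hands back.
        String nonInterned = new String("http://www.w3.org/2000/xmlns/");
        List<Attr> attrs = List.of(
                new Attr("xmlns:unused", nonInterned), // namespace declaration
                new Attr("Id", null));                 // attribute in no namespace

        // The reference check misclassifies the declaration as ordinary.
        System.out.println("by reference: " + ordinaryByReference(attrs));
        System.out.println("by value:     " + ordinaryByValue(attrs));
    }
}
```
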
Comment 1 Chad La Joie 2010-10-16 06:56:35 UTC
This is just one manifestation of issue 40897

*** This bug has been marked as a duplicate of bug 40897 ***