[xml] Re: [xmlsec] exc c14n w/o comments bug

Aleksey Sanin aleksey at aleksey.com
Tue May 11 13:59:14 PDT 2004


DISCLAIMER: the LibXML2 behavior described bellow is how I remember it.
Unfortunately I don't have time right now to check it and make sure
that this is exactly how it works. I'll try to debug the problem tonight
and then I should have more details.


>>Help is always welcome :) I suspect that the problem is caused by
>>the fact that LibXML2 attribute namespace has a different memory
>>representation from the namespace declaration. In this particular
>>case the problem is that attribute namespace *is not* returned in
>>the list of nodes selected by XPath expression.
> 
> 
>   Hum ... are you suggesting it's a bug ? The XPath data model clearly
> differentiates attributes from namespace.

I am talking about attribute namespace and it is different from "namespace
declaration". For example, if I remember everything correctly then you 
parse the following element

     <test:something xmlns:test="http://www.example.org/test"
                     test:data="aaa"/>

with LibXML2 then the xmlNodePtr for "test:data" attribute will have a
pointer to namespace xmlNodePtr and it will be *different* from the
xmlNodePtr created for "xmlns:test" namespace declaration.

Now if we make the example slightly more complex:

    <test1:something xmlns:test1="http://www.example.org/test1
                     xmlns:test2="http://www.example.org/test2">
	<test2:somethingelse test1:data="aaa">
	</test2:somethingelse>
    </test1:something>

and suppose that we have XPath expression that selects all attributes
in the test2:something element

	//test1:something//test2:somethingelse@*

In this case, the xmlNodePtr that represents test1 namespace in the
test1:data attribute would not be included in the resulting XPath
nodeset. I am not sure if it is a problem with LibMXL2 XPath engine
or not.

> 
>>The change is more or less trivial but it requires *very* carefull
>>testing. My estimates is that change itself would take about an hour
>>and testing would take another 3-4 hours. And it's more than I have
>>these days :(
> 
> 
>   How is the weird serialization generated ? Is the redundant
> xmlns information pushed as an attribute instead of a namespace ?
> Maybe there is some fixup needed at the libxml2 tree API too.

The problem is that during exc-c14n I have to check if particular
namespace is visible or not. This works just great for element
namespaces but for attributes it fails because of the reasons described
above.

Aleksey





More information about the xmlsec mailing list