[xmlsec] Failure to encode special chars in X509SubjectName node
Aleksey Sanin
aleksey at aleksey.com
Thu Mar 6 11:08:43 PST 2008
Hm... I was under impression that xmlNodeSetContent() does the encoding
internally. I guess I was wrong. Let me research this. There are other
places in xmlsec where xmlNodeSetContent() is used. All these places
need to encode & and other special characters.
Thanks for bug report!
Aleksey
Cliff Hones wrote:
> I have an X509 certificate which has an ampersand within its
> "Subject" text. When signing with this certificate, the content
> of the X509SubjectName node is incorrectly set - it terminates
> at the ampersand (which is not encoded as &). Also, xmllib
> reports "unterminated entity reference".
>
> I can fix this behaviour by adding a suitable call to the routine
> xmlEncodeSpecialChars in openssl/x509.c in the function
> xmlSecOpenSSLX509SubjectNameNodeWrite
>
> Note that xmlEncodeSpecialChars requires a "doc" as first argument,
> which is not available in this routine, but in fact NULL can be
> passed as the doc argument is not used.
>
> I think this call should also be added to
> xmlSecOpenSSLX509IssuerSerialNodeWrite
> for the IssuerName node, as this could also contain text with
> an "&" (or indeed other special XML characters).
>
> This problem could also be present in other places where xmlsec sets
> node content to a raw string sourced from non-XML. I haven't looked
> to see if there are any other such occurrences.
>
> Do you consider this a bug? Should I submit it to the Gnome bugzilla?
>
More information about the xmlsec
mailing list