diff options
| author | Stephan Bergmann <sbergman@redhat.com> | 2016-10-31 13:07:31 +0100 |
|---|---|---|
| committer | Stephan Bergmann <sbergman@redhat.com> | 2016-10-31 13:22:06 +0100 |
| commit | 1b98f38cfac2ac6caa7f178f70bcd9c5f74f16a4 (patch) | |
| tree | 1b864bf96e10ba17326011026ce5851329e03fe9 /xmlsecurity | |
| parent | 074defe26f55ef05ca5bd45f292e736438654b47 (diff) | |
css.xml.sax.XAttributeList is broken by design
In the Java interface it was reportedly copied from, getValue can return null to
indicate a missing attribute, but in UNOIDL that's not possible. The workaround
that implementations of the UNOIDL interface resorted to is apparently to return
an empty string (another option would have been to throw an exception).
But the code in xmlsecurity appears to be written under the ill assumption that
getValueByName would return null for a missing attribute. What the code as
written actually did check was whether the return value is an empty string
(because it picks the operator ==(OUString const &, sal_Unicode const *)
overload, which happens to treat a null second argument like an empty string).
Ideally, the code in xmlsecurity would have some way to tell a missing attribute
from an empty one (via some extended XAttributeList2, or by iterating over all
getNameByIndex, or ...). But for none of the affected attributes it seems
expected that the attribute's value could be an empty string, so checking for an
empty string seems to work reasonably well in practice. So keep it simple and
just check for an empty string properly.
Thanks to Tor for spotting that odd xmlsecurity code.
Change-Id: Ib068ee98ef818683a43309ab4d7c3a4731e8deff
Diffstat (limited to 'xmlsecurity')
| -rw-r--r-- | xmlsecurity/source/helper/xsecparser.cxx | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/xmlsecurity/source/helper/xsecparser.cxx b/xmlsecurity/source/helper/xsecparser.cxx index ddc689a63793..ed3f0ff5ac35 100644 --- a/xmlsecurity/source/helper/xsecparser.cxx +++ b/xmlsecurity/source/helper/xsecparser.cxx @@ -46,7 +46,7 @@ OUString XSecParser::getIdAttr(const cssu::Reference< cssxs::XAttributeList >& x { OUString ouIdAttr = xAttribs->getValueByName("id"); - if (ouIdAttr == nullptr) + if (ouIdAttr.isEmpty()) { ouIdAttr = xAttribs->getValueByName("Id"); } @@ -91,7 +91,7 @@ void SAL_CALL XSecParser::startElement( try { OUString ouIdAttr = getIdAttr(xAttribs); - if (ouIdAttr != nullptr) + if (!ouIdAttr.isEmpty()) { m_pXSecController->collectToVerify( ouIdAttr ); } @@ -99,7 +99,7 @@ void SAL_CALL XSecParser::startElement( if ( aName == "Signature" ) { m_pXSecController->addSignature(); - if (ouIdAttr != nullptr) + if (!ouIdAttr.isEmpty()) { m_pXSecController->setId( ouIdAttr ); } @@ -107,8 +107,7 @@ void SAL_CALL XSecParser::startElement( else if ( aName == "Reference" ) { OUString ouUri = xAttribs->getValueByName("URI"); - SAL_WARN_IF( ouUri == nullptr, "xmlsecurity.helper", "URI == NULL" ); - + SAL_WARN_IF( ouUri.isEmpty(), "xmlsecurity.helper", "URI == NULL" ); if (ouUri.startsWith("#")) { /* @@ -131,7 +130,7 @@ void SAL_CALL XSecParser::startElement( { OUString ouAlgorithm = xAttribs->getValueByName("Algorithm"); - if (ouAlgorithm != nullptr && ouAlgorithm == ALGO_C14N) + if (ouAlgorithm == ALGO_C14N) /* * a xml stream */ @@ -168,7 +167,7 @@ void SAL_CALL XSecParser::startElement( } else if ( aName == "SignatureProperty" ) { - if (ouIdAttr != nullptr) + if (!ouIdAttr.isEmpty()) { m_pXSecController->setPropertyId( ouIdAttr ); } |