robrichards/xmlseclibs

XMLSecurityDSig->validateReference() Null Exception

Closed this issue · 3 comments

Hello,

We have been using your library as part of LightSaml, and with a particular Identity Provider's response there was a null pointer exception occurring inside the XMLSecurityDSig->validateReference() function,
more specifically at this line:

```php
if (! $docElem->isSameNode($this->sigNode)) {
    $this->sigNode->parentNode->removeChild($this->sigNode);
}
```

Apparently $this->sigNode->parentNode is null and a simple check was enough to solve the problem for me, like this:

```php
if (! $docElem->isSameNode($this->sigNode)) {
    if ($this->sigNode->parentNode != null) {
        $this->sigNode->parentNode->removeChild($this->sigNode);
    }
}
```

I would appreciate it if you could fix this.
Let me know if I can provide more info on the matter.

Thank you for your great library,
Ermal.

As mentioned in lightSAML/SpBundle#15 (comment) ... Think the solution should be determined once we're able to reproduce the error... So, please provide how to reproduce the error, with all needed data. Maybe the error is in lightsaml and not here in xmlseclibs...

This happens if the same signature instance is verified a second time (with a different key). The problem is that the DOM is modified and the implementation does not expect the side effects it has itself made. I have tried the fix suggested by @ermalmino and it prevents the error on the second verification.
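The side effect described in the comment above can be reproduced with PHP's DOM extension alone. This is an added example, not code from the thread or from xmlseclibs: the sample XML is constructed, `detachSignature()` and `verifyTwice()` are hypothetical helpers, `$docElem` is assumed to be the document's root element, and PHP 7 or later is assumed so that the call on null is catchable as `Error`.

```php
<?php
// Added illustration: plain DOM only, no xmlseclibs classes involved.
const DSIG_NS = 'http://www.w3.org/2000/09/xmldsig#';

// Constructed sample document; the Signature element is empty on purpose.
$xml = '<Response><Assertion ID="a1">'
     . '<ds:Signature xmlns:ds="' . DSIG_NS . '"/>'
     . '<Subject>alice</Subject></Assertion></Response>';

// Hypothetical helper: mirrors the snippet from the issue, with the
// reporter's null check switched on or off through $guarded.
function detachSignature(DOMNode $docElem, DOMNode $sigNode, bool $guarded): void
{
    if (! $docElem->isSameNode($sigNode)) {
        if (! $guarded || $sigNode->parentNode !== null) {
            $sigNode->parentNode->removeChild($sigNode);
        }
    }
}

// Hypothetical helper: runs the detach step twice on the same node, as
// happens when one signature instance is verified a second time.
function verifyTwice(string $xml, bool $guarded): array
{
    $doc = new DOMDocument();
    $doc->loadXML($xml);
    $sigNode = $doc->getElementsByTagNameNS(DSIG_NS, 'Signature')->item(0);
    $log = [];
    foreach ([1, 2] as $pass) {
        try {
            detachSignature($doc->documentElement, $sigNode, $guarded);
            $log[] = "pass $pass: ok, parentNode is "
                   . ($sigNode->parentNode === null ? 'null' : 'set');
        } catch (Error $e) {
            // PHP 7+ raises Error for a method call on null.
            $log[] = "pass $pass: " . $e->getMessage();
        }
    }
    return $log;
}

print_r(verifyTwice($xml, false)); // without the null check
print_r(verifyTwice($xml, true));  // with the null check
```

In both runs the Signature element is detached from the document after the first pass; the null check only changes how the second pass reacts to that.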

Made fix in #113 ... waiting to be merged