
C14n raise on failure #3600

Merged
flavorjones merged 1 commit into v1.19.x from c14n-raise-on-failure
Feb 16, 2026

@flavorjones
Member

What problem is this PR intended to solve?

Canonicalization could fail and an exception would not be raised. This behavior was named as a contributing cause in ruby-saml GHSA-x4h9-gwv3-r4m4.

Have you included adequate test coverage?

Yes.

Does this change affect the behavior of either the C or the Java implementations?

JRuby raised an exception correctly already. This brings the CRuby implementation in line.

The return value of xmlC14NExecute was not being checked, so
canonicalization failures (e.g., relative namespace URIs) silently
returned an empty string. This could allow downstream libraries to
accept invalid canonicalized output.

Check the return value and raise RuntimeError on failure, matching
JRuby's existing behavior.

This behavior was named as a contributing cause to GHSA-x4h9-gwv3-r4m4
flavorjones changed the base branch from main to v1.19.x (February 16, 2026 21:46)
flavorjones force-pushed the c14n-raise-on-failure branch from 3584640 to 5b77f3d (February 16, 2026 21:47)
flavorjones merged commit 8e66809 into v1.19.x (Feb 16, 2026)
161 of 163 checks passed
flavorjones deleted the c14n-raise-on-failure branch (February 16, 2026 22:13)
flavorjones added a commit that referenced this pull request (Feb 17, 2026)
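
An added example, not part of this pull request or of Nokogiri's code: a downstream digest check written to fail closed under both behaviours the description names, the silent empty string and the raised exception. `verify_reference_digest!`, `reference_ok?`, `ReferenceCheckError` and the sample data are hypothetical, and the canonicalizer is passed in as a callable so the block runs without Nokogiri.

```ruby
require "digest/sha2"

class ReferenceCheckError < StandardError; end

# Hypothetical helper, not part of Nokogiri or ruby-saml. `canonicalize` is any
# callable returning canonical XML for a node, e.g. ->(n) { n.canonicalize }.
def verify_reference_digest!(node, expected_b64, canonicalize:)
  begin
    canonical = canonicalize.call(node)
  rescue StandardError => e
    # JRuby, and CRuby after this PR: failure arrives as an exception.
    raise ReferenceCheckError, "canonicalization failed: #{e.message}"
  end
  # CRuby before this PR: failure arrived as an empty string, which hashes
  # without error, so it has to be rejected before any digest is computed.
  if canonical.nil? || canonical.empty?
    raise ReferenceCheckError, "canonicalization produced no output"
  end
  begin
    expected = expected_b64.unpack1("m0") # strict base64; raises on bad input
  rescue ArgumentError
    raise ReferenceCheckError, "malformed digest value"
  end
  unless Digest::SHA256.digest(canonical) == expected
    raise ReferenceCheckError, "digest mismatch"
  end
  true
end

# Boolean wrapper: any failure above means the reference is not accepted.
def reference_ok?(node, expected_b64, canonicalize:)
  verify_reference_digest!(node, expected_b64, canonicalize: canonicalize)
rescue ReferenceCheckError
  false
end

# Constructed sample data and stand-in canonicalizers (no real XML is parsed).
SAMPLE_CANONICAL = '<Assertion xmlns="urn:example:constructed" ID="_a1"></Assertion>'
SAMPLE_DIGEST    = [Digest::SHA256.digest(SAMPLE_CANONICAL)].pack("m0")
OK_C14N      = ->(_node) { SAMPLE_CANONICAL }
SILENT_C14N  = ->(_node) { "" }
RAISING_C14N = ->(_node) { raise "canonicalization failed" }

puts reference_ok?(nil, SAMPLE_DIGEST, canonicalize: OK_C14N)
puts reference_ok?(nil, SAMPLE_DIGEST, canonicalize: SILENT_C14N)
puts reference_ok?(nil, SAMPLE_DIGEST, canonicalize: RAISING_C14N)
```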