Merge commit from fork

Author: tvdijen

src/Exception/CanonicalizationFailedException.php

@@ -0,0 +1,23 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\XMLSecurity\Exception;
+
+/**
+ * Class CanonicalizationFailedException
+ *
+ * This exception is thrown when we can't canonicalize the referenced document.
+ *
+ * @package simplesamlphp/xml-security
+ */
+class CanonicalizationFailedException extends RuntimeException
+{
+    /**
+     * @param string $message
+     */
+    public function __construct(string $message = 'Canonicalization failed.')
+    {
+        parent::__construct($message);
+    }
+}

src/Utils/XML.php

@@ -6,6 +6,7 @@
 
 use DOMElement;
 use SimpleSAML\XMLSecurity\Constants as C;
+use SimpleSAML\XMLSecurity\Exception\CanonicalizationFailedException;
 use SimpleSAML\XMLSecurity\XML\ds\Transforms;
 use SimpleSAML\XPath\Constants as XPATH_C;
 
@@ -68,7 +69,12 @@ public static function canonicalizeData(
             }
         }
 
-        return $element->C14N($exclusive, $withComments, $xpaths, $prefixes);
+        $ret = $element->C14N($exclusive, $withComments, $xpaths, $prefixes);
+        if ($ret === false) {
+            // GHSA-h25p-2wxc-6584
+            throw new CanonicalizationFailedException();
+        }
+        return $ret;
     }