From 5c02fb435db171daf6d1ef360340137b3b0fd467 Mon Sep 17 00:00:00 2001
From: Melanie Thielker
Date: Tue, 22 Jun 2010 17:35:00 +0200
Subject: Security fix: Allow only textures to be fetched using HTTP texture cap
---
 OpenSim/Region/CoreModules/Avatar/Assets/GetTextureModule.cs | 12 ++++++++++++
 1 file changed, 12 insertions(+) (limited to 'OpenSim')
diff --git a/OpenSim/Region/CoreModules/Avatar/Assets/GetTextureModule.cs b/OpenSim/Region/CoreModules/Avatar/Assets/GetTextureModule.cs
index f8e3d59..75efb79 100644
--- a/OpenSim/Region/CoreModules/Avatar/Assets/GetTextureModule.cs
+++ b/OpenSim/Region/CoreModules/Avatar/Assets/GetTextureModule.cs
@@ -131,6 +131,12 @@ namespace OpenSim.Region.CoreModules.Avatar.ObjectCaps
 if (texture != null)
 {
+ if (texture.Type != (sbyte)AssetType.Texture)
+ {
+ httpResponse.StatusCode = (int)System.Net.HttpStatusCode.NotFound;
+ httpResponse.Send();
+ return null;
+ }
 SendTexture(httpRequest, httpResponse, texture);
 }
 else
@@ -147,6 +153,12 @@ namespace OpenSim.Region.CoreModules.Avatar.ObjectCaps
 if (texture != null)
 {
+ if (texture.Type != (sbyte)AssetType.Texture)
+ {
+ httpResponse.StatusCode = (int)System.Net.HttpStatusCode.NotFound;
+ httpResponse.Send();
+ return null;
+ }
 SendTexture(httpRequest, httpResponse, texture);
 }
 else
-- 
cgit v1.1
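Review bot: The asset-type guard is pasted into both `if (texture != null)` branches (this hunk and the second one at -147), so any later path that reaches `SendTexture` without it would serve non-texture assets over this cap again; making the check the first statement of `SendTexture` itself, or of one small helper both branches call, would make it fail closed. The rejection is also silent: a request for a non-texture id through the texture cap is worth a warning-level log line carrying the asset id and its type, so that probing shows up in the region logs. A short comment such as `// Answer 404, not 403, so the cap does not reveal that the id exists as another asset type` would record why NotFound was chosen, if that is the intent. The enclosing method starts and ends outside both hunks, so how the early `return null` interacts with the rest of the handler cannot be checked from here.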