From 67c260fdcc1f314d701dd4acfaa16275750cdf74 Mon Sep 17 00:00:00 2001 From: MW Date: Mon, 1 Dec 2008 11:23:27 +0000 Subject: Added a Catch(InvalidOperationException) to BaseHttpServer.HandleRequest(). Which is thrown due to errors in the XML deserializing. Without this catch is it easy to bring down any of the opensim servers on purpose by just sending corrupt xml to them. --- OpenSim/Framework/Servers/BaseHttpServer.cs | 43 ++++++++++++++++------------- 1 file changed, 24 insertions(+), 19 deletions(-) (limited to 'OpenSim') diff --git a/OpenSim/Framework/Servers/BaseHttpServer.cs b/OpenSim/Framework/Servers/BaseHttpServer.cs index e59b531..aa2a06c 100644 --- a/OpenSim/Framework/Servers/BaseHttpServer.cs +++ b/OpenSim/Framework/Servers/BaseHttpServer.cs @@ -266,7 +266,7 @@ namespace OpenSim.Framework.Servers public virtual void HandleRequest(OSHttpRequest request, OSHttpResponse response) { - try + try { Culture.SetCurrentCulture(); // This is the REST agent interface. We require an agent to properly identify @@ -287,7 +287,7 @@ namespace OpenSim.Framework.Servers } IRequestHandler requestHandler; - response.KeepAlive = true; + response.KeepAlive = true; response.SendChunked = false; string path = request.RawUrl; @@ -316,8 +316,8 @@ namespace OpenSim.Framework.Servers StreamReader reader = new StreamReader(requestStream, encoding); string requestBody = reader.ReadToEnd(); - - + + reader.Close(); requestStream.Close(); @@ -340,21 +340,21 @@ namespace OpenSim.Framework.Servers headervals[headername] = request.Headers[headername]; } -// if (headervals.Contains("Host")) -// { -// host = (string)headervals["Host"]; -// } - - keysvals.Add("requestbody",requestBody); + // if (headervals.Contains("Host")) + // { + // host = (string)headervals["Host"]; + // } + + keysvals.Add("requestbody", requestBody); if (keysvals.Contains("method")) { //m_log.Warn("[HTTP]: Contains Method"); //string method = (string)keysvals["method"]; //m_log.Warn("[HTTP]: " + requestBody); - - } - DoHTTPGruntWork(HTTPRequestHandler.Handle(path,keysvals), response); - return; + + } + DoHTTPGruntWork(HTTPRequestHandler.Handle(path, keysvals), response); + return; } else { @@ -427,10 +427,10 @@ namespace OpenSim.Framework.Servers default: //m_log.Info("[Debug BASE HTTP SERVER]: in default handler"); // Point of note.. the DoWeHaveA methods check for an EXACT path -// if (request.RawUrl.Contains("/CAPS/EQG")) -// { -// int i = 1; -// } + // if (request.RawUrl.Contains("/CAPS/EQG")) + // { + // int i = 1; + // } //m_log.Info("[Debug BASE HTTP SERVER]: Checking for LLSD Handler"); if (DoWeHaveALLSDHandler(request.RawUrl)) { @@ -449,7 +449,7 @@ namespace OpenSim.Framework.Servers //m_log.Info("[Debug BASE HTTP SERVER]: Generic XMLRPC"); // generic login request. HandleXmlRpcRequests(request, response); - + return; } } @@ -468,6 +468,11 @@ namespace OpenSim.Framework.Servers { m_log.ErrorFormat("[BASE HTTP SERVER]: HandleRequest() threw {0}", e); } + catch (InvalidOperationException e) + { + m_log.ErrorFormat("[BASE HTTP SERVER]: HandleRequest() threw {0}", e); + SendHTML500(response); + } } private bool TryGetStreamHandler(string handlerKey, out IRequestHandler streamHandler) -- cgit v1.1