From 448811ccddfa6fb3dbbd7279e240ff9ef805d218 Mon Sep 17 00:00:00 2001 From: Justin Clark-Casey (justincc) Date: Thu, 22 Nov 2012 03:01:57 +0000 Subject: If an asset POST does not contain well-formed XML, return a 400 (Bad Request) HTTP status rather than simply dropping the request. --- .../Handlers/Asset/AssetServerPostHandler.cs | 15 ++++++++++--- .../Asset/Tests/AssetServerPostHandlerTests.cs | 26 ++++++++++++++++++++++ 2 files changed, 38 insertions(+), 3 deletions(-) (limited to 'OpenSim/Server/Handlers/Asset') diff --git a/OpenSim/Server/Handlers/Asset/AssetServerPostHandler.cs b/OpenSim/Server/Handlers/Asset/AssetServerPostHandler.cs index 87b3d2d..a006fa8 100644 --- a/OpenSim/Server/Handlers/Asset/AssetServerPostHandler.cs +++ b/OpenSim/Server/Handlers/Asset/AssetServerPostHandler.cs @@ -57,14 +57,23 @@ namespace OpenSim.Server.Handlers.Asset public override byte[] Handle(string path, Stream request, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) { + AssetBase asset; XmlSerializer xs = new XmlSerializer(typeof (AssetBase)); - AssetBase asset = (AssetBase) xs.Deserialize(request); + + try + { + asset = (AssetBase)xs.Deserialize(request); + } + catch (XmlException) + { + httpResponse.StatusCode = (int)HttpStatusCode.BadRequest; + return null; + } string[] p = SplitParams(path); if (p.Length > 1) { - bool result = - m_AssetService.UpdateContent(p[1], asset.Data); + bool result = m_AssetService.UpdateContent(p[1], asset.Data); xs = new XmlSerializer(typeof(bool)); return ServerUtils.SerializeResult(xs, result); diff --git a/OpenSim/Server/Handlers/Asset/Tests/AssetServerPostHandlerTests.cs b/OpenSim/Server/Handlers/Asset/Tests/AssetServerPostHandlerTests.cs index 9e82576..427fa16 100644 --- a/OpenSim/Server/Handlers/Asset/Tests/AssetServerPostHandlerTests.cs +++ b/OpenSim/Server/Handlers/Asset/Tests/AssetServerPostHandlerTests.cs 
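Review bot: The new `catch (XmlException)` around `xs.Deserialize(request)` in AssetServerPostHandler.Handle may not catch every malformed body, because `XmlSerializer.Deserialize` is documented to report deserialization failures as `InvalidOperationException` with the parser error in `InnerException`. Whether the 400 path is taken can therefore depend on the runtime. Since this body arrives straight from the network, I would add a second clause `catch (InvalidOperationException)` that sets the same `(int)HttpStatusCode.BadRequest` and returns null, so a bad POST cannot escape as an unhandled exception. The rejection is also silent; a warning-level log line on this path would make repeated malformed POSTs visible to whoever operates the asset server. Handle's body continues outside the hunk, so how a successfully parsed asset with empty `Data` is treated cannot be judged from here.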
@@ -27,6 +27,7 @@ using System; using System.IO; +using System.Net; using System.Text; using System.Xml; using System.Xml.Serialization; @@ -38,6 +39,7 @@ using OpenSim.Server.Handlers.Asset; using OpenSim.Services.AssetService; using OpenSim.Services.Interfaces; using OpenSim.Tests.Common; +using OpenSim.Tests.Common.Mock; namespace OpenSim.Server.Handlers.Asset.Test { @@ -80,5 +82,29 @@ namespace OpenSim.Server.Handlers.Asset.Test Assert.That(retrievedAsset, Is.Not.Null); } + + [Test] + public void TestBadXmlAssetStoreRequest() + { + TestHelpers.InMethod(); + + IConfigSource config = new IniConfigSource(); + config.AddConfig("AssetService"); + config.Configs["AssetService"].Set("StorageProvider", "OpenSim.Tests.Common.dll"); + + AssetService assetService = new AssetService(config); + + AssetServerPostHandler asph = new AssetServerPostHandler(assetService); + + MemoryStream buffer = new MemoryStream(); + byte[] badData = new byte[] { 0x48, 0x65, 0x6c, 0x6c, 0x6f }; + buffer.Write(badData, 0, badData.Length); + buffer.Position = 0; + + TestOSHttpResponse response = new TestOSHttpResponse(); + asph.Handle(null, buffer, null, response); + + Assert.That(response.StatusCode, Is.EqualTo((int)HttpStatusCode.BadRequest)); + } } } \ No newline at end of file -- cgit v1.1
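Review bot: TestBadXmlAssetStoreRequest covers only one kind of bad input, five bytes of plain text (`Hello`), and discards what `Handle` returns. Well-formed XML whose root element is not an AssetBase, and a truncated AssetBase document, are rejected by the serializer at a different point and may surface as a different exception type, so each deserves its own case asserting the same 400. I would also capture the result with `byte[] result = asph.Handle(null, buffer, null, response);` and add `Assert.That(result, Is.Null);` so the test pins that no response body is produced on rejection. The `null` path and request arguments work only because the handler returns before using them; a short comment above the call, such as `// path and httpRequest are never read on the rejection path`, would make that explicit.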