From 854a8b91723afb98dc29dbd3afacaa895e58ea73 Mon Sep 17 00:00:00 2001 From: Melanie Thielker Date: Tue, 22 Jun 2010 17:35:00 +0200 Subject: [PATCH 1/4] Security fix: Allow only textures to be fetched using HTTP texture cap --- .../CoreModules/Avatar/Assets/GetTextureModule.cs | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/OpenSim/Region/CoreModules/Avatar/Assets/GetTextureModule.cs b/OpenSim/Region/CoreModules/Avatar/Assets/GetTextureModule.cs index f8e3d595c9..75efb799c1 100644 --- a/OpenSim/Region/CoreModules/Avatar/Assets/GetTextureModule.cs +++ b/OpenSim/Region/CoreModules/Avatar/Assets/GetTextureModule.cs @@ -131,6 +131,12 @@ namespace OpenSim.Region.CoreModules.Avatar.ObjectCaps if (texture != null) { + if (texture.Type != (sbyte)AssetType.Texture) + { + httpResponse.StatusCode = (int)System.Net.HttpStatusCode.NotFound; + httpResponse.Send(); + return null; + } SendTexture(httpRequest, httpResponse, texture); } else @@ -147,6 +153,12 @@ namespace OpenSim.Region.CoreModules.Avatar.ObjectCaps if (texture != null) { + if (texture.Type != (sbyte)AssetType.Texture) + { + httpResponse.StatusCode = (int)System.Net.HttpStatusCode.NotFound; + httpResponse.Send(); + return null; + } SendTexture(httpRequest, httpResponse, texture); } else From 68551675dfcd0e159185345e8cb7ac54b3530abf Mon Sep 17 00:00:00 2001 From: Melanie Thielker Date: Tue, 22 Jun 2010 02:33:20 +0200 Subject: [PATCH 2/4] Guard prioritizer agains null values as those produced by a bullet dying before it can be updated --- OpenSim/Region/Framework/Scenes/Prioritizer.cs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/OpenSim/Region/Framework/Scenes/Prioritizer.cs b/OpenSim/Region/Framework/Scenes/Prioritizer.cs index 7b7677bd6b..de3c360a42 100644 --- a/OpenSim/Region/Framework/Scenes/Prioritizer.cs +++ b/OpenSim/Region/Framework/Scenes/Prioritizer.cs @@ -52,6 +52,9 @@ namespace OpenSim.Region.Framework.Scenes public double GetUpdatePriority(IClientAPI client, ISceneEntity entity) { double priority = 0; + + if (entity == null) + return 100000; switch (m_scene.UpdatePrioritizationScheme) { From 1e1485de5b48248ffeec75e49e792b321164c547 Mon Sep 17 00:00:00 2001 From: John Hurliman Date: Tue, 22 Jun 2010 16:09:30 -0700 Subject: [PATCH 3/4] * Fixed SimianGrid map tile uploads not having any objects in the images --- .../SimianAuthenticationServiceConnector.cs | 2 ++ .../SimianGrid/SimianGridServiceConnector.cs | 32 ++++++++++++++++--- 2 files changed, 30 insertions(+), 4 deletions(-) diff --git a/OpenSim/Services/Connectors/SimianGrid/SimianAuthenticationServiceConnector.cs b/OpenSim/Services/Connectors/SimianGrid/SimianAuthenticationServiceConnector.cs index 3c784f25ea..7a96a05dea 100644 --- a/OpenSim/Services/Connectors/SimianGrid/SimianAuthenticationServiceConnector.cs +++ b/OpenSim/Services/Connectors/SimianGrid/SimianAuthenticationServiceConnector.cs @@ -198,6 +198,8 @@ namespace OpenSim.Services.Connectors.SimianGrid if (!String.IsNullOrEmpty(identifier)) { // Add/update the md5hash identity + // TODO: Support salts when AddIdentity does + // TODO: Create an a1hash too for WebDAV logins requestArgs = new NameValueCollection { { "RequestMethod", "AddIdentity" }, diff --git a/OpenSim/Services/Connectors/SimianGrid/SimianGridServiceConnector.cs b/OpenSim/Services/Connectors/SimianGrid/SimianGridServiceConnector.cs index db9027a17a..bea81726f4 100644 --- a/OpenSim/Services/Connectors/SimianGrid/SimianGridServiceConnector.cs +++ b/OpenSim/Services/Connectors/SimianGrid/SimianGridServiceConnector.cs @@ -59,18 +59,35 @@ namespace OpenSim.Services.Connectors.SimianGrid MethodBase.GetCurrentMethod().DeclaringType); private string m_serverUrl = String.Empty; + private Dictionary m_scenes = new Dictionary(); #region ISharedRegionModule public Type ReplaceableInterface { get { return null; } } - public void RegionLoaded(Scene scene) { if (!String.IsNullOrEmpty(m_serverUrl)) { UploadMapTile(scene); } } + public void RegionLoaded(Scene scene) { } public void PostInitialise() { } public void Close() { } public SimianGridServiceConnector() { } public string Name { get { return "SimianGridServiceConnector"; } } - public void AddRegion(Scene scene) { if (!String.IsNullOrEmpty(m_serverUrl)) { scene.RegisterModuleInterface(this); } } - public void RemoveRegion(Scene scene) { if (!String.IsNullOrEmpty(m_serverUrl)) { scene.UnregisterModuleInterface(this); } } + public void AddRegion(Scene scene) + { + // Every shared region module has to maintain an indepedent list of + // currently running regions + lock (m_scenes) + m_scenes[scene.RegionInfo.RegionID] = scene; + + if (!String.IsNullOrEmpty(m_serverUrl)) + scene.RegisterModuleInterface(this); + } + public void RemoveRegion(Scene scene) + { + lock (m_scenes) + m_scenes.Remove(scene.RegionInfo.RegionID); + + if (!String.IsNullOrEmpty(m_serverUrl)) + scene.UnregisterModuleInterface(this); + } #endregion ISharedRegionModule @@ -105,6 +122,13 @@ namespace OpenSim.Services.Connectors.SimianGrid public string RegisterRegion(UUID scopeID, GridRegion regionInfo) { + // Generate and upload our map tile in PNG format to the SimianGrid AddMapTile service + Scene scene; + if (m_scenes.TryGetValue(regionInfo.RegionID, out scene)) + UploadMapTile(scene); + else + m_log.Warn("Registering region " + regionInfo.RegionName + " (" + regionInfo.RegionID + ") that we are not tracking"); + Vector3d minPosition = new Vector3d(regionInfo.RegionLocX, regionInfo.RegionLocY, 0.0); Vector3d maxPosition = minPosition + new Vector3d(Constants.RegionSize, Constants.RegionSize, 4096.0); @@ -430,7 +454,7 @@ namespace OpenSim.Services.Connectors.SimianGrid if (!String.IsNullOrEmpty(errorMessage)) { m_log.WarnFormat("[SIMIAN GRID CONNECTOR]: Failed to store {0} byte PNG map tile for {1}: {2}", - pngData.Length, scene.RegionInfo.RegionName, errorMessage); + pngData.Length, scene.RegionInfo.RegionName, errorMessage.Replace('\n', ' ')); } } From c96a6940a9b1d1e00bbaeff8ee9113435848e151 Mon Sep 17 00:00:00 2001 From: John Hurliman Date: Tue, 22 Jun 2010 16:11:36 -0700 Subject: [PATCH 4/4] Line ending fix --- .../Shared/Api/Implementation/LSL_Api.cs | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs index 86d0c30f93..1feb153fb4 100644 --- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs +++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs @@ -6516,15 +6516,15 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api if (cut.y > 1f) { cut.y = 1f; - } - if (cut.y - cut.x < 0.05f) - { - cut.x = cut.y - 0.05f; - if (cut.x < 0.0f) - { - cut.x = 0.0f; - cut.y = 0.05f; - } + } + if (cut.y - cut.x < 0.05f) + { + cut.x = cut.y - 0.05f; + if (cut.x < 0.0f) + { + cut.x = 0.0f; + cut.y = 0.05f; + } } shapeBlock.ProfileBegin = (ushort)(50000 * cut.x); shapeBlock.ProfileEnd = (ushort)(50000 * (1 - cut.y)); @@ -6722,11 +6722,11 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api } if (profilecut.y - profilecut.x < 0.05f) { - profilecut.x = profilecut.y - 0.05f; - if (profilecut.x < 0.0f) - { - profilecut.x = 0.0f; - profilecut.y = 0.05f; + profilecut.x = profilecut.y - 0.05f; + if (profilecut.x < 0.0f) + { + profilecut.x = 0.0f; + profilecut.y = 0.05f; } } shapeBlock.ProfileBegin = (ushort)(50000 * profilecut.x);