If an asset POST does not contain well-formed XML, return a 400 (Bad Request) HTTP status rather than simply dropping the request.

2012-11-22 03:01:57 +00:00 · 2012-11-22 03:01:57 +00:00 · 448811ccdd
parent 33a4f07c4e
commit 448811ccdd
2 changed files with 38 additions and 3 deletions
--- a/OpenSim/Server/Handlers/Asset/AssetServerPostHandler.cs
+++ b/OpenSim/Server/Handlers/Asset/AssetServerPostHandler.cs
@ -57,14 +57,23 @@ namespace OpenSim.Server.Handlers.Asset
        public override byte[] Handle(string path, Stream request,
                IOSHttpRequest httpRequest, IOSHttpResponse httpResponse)
        {
+            AssetBase asset;
            XmlSerializer xs = new XmlSerializer(typeof (AssetBase));
-            AssetBase asset = (AssetBase) xs.Deserialize(request);
+
+            try
+            {
+                asset = (AssetBase)xs.Deserialize(request);
+            }
+            catch (XmlException)
+            {
+                httpResponse.StatusCode = (int)HttpStatusCode.BadRequest;
+                return null;
+            }

            string[] p = SplitParams(path);
            if (p.Length > 1)
            {
-                bool result =
-                        m_AssetService.UpdateContent(p[1], asset.Data);
+                bool result = m_AssetService.UpdateContent(p[1], asset.Data);

                xs = new XmlSerializer(typeof(bool));
                return ServerUtils.SerializeResult(xs, result);
--- a/OpenSim/Server/Handlers/Asset/Tests/AssetServerPostHandlerTests.cs
+++ b/OpenSim/Server/Handlers/Asset/Tests/AssetServerPostHandlerTests.cs
@ -27,6 +27,7 @@

 using System;
 using System.IO;
+using System.Net;
 using System.Text;
 using System.Xml;
 using System.Xml.Serialization;
@ -38,6 +39,7 @@ using OpenSim.Server.Handlers.Asset;
 using OpenSim.Services.AssetService;
 using OpenSim.Services.Interfaces;
 using OpenSim.Tests.Common;
+using OpenSim.Tests.Common.Mock;

 namespace OpenSim.Server.Handlers.Asset.Test
 {
@ -80,5 +82,29 @@ namespace OpenSim.Server.Handlers.Asset.Test

            Assert.That(retrievedAsset, Is.Not.Null);
        }
+
+        [Test]
+        public void TestBadXmlAssetStoreRequest()
+        {
+            TestHelpers.InMethod();
+
+            IConfigSource config = new IniConfigSource();         
+            config.AddConfig("AssetService");           
+            config.Configs["AssetService"].Set("StorageProvider", "OpenSim.Tests.Common.dll");
+
+            AssetService assetService = new AssetService(config);
+
+            AssetServerPostHandler asph = new AssetServerPostHandler(assetService);          
+
+            MemoryStream buffer = new MemoryStream();
+            byte[] badData = new byte[] { 0x48, 0x65, 0x6c, 0x6c, 0x6f };
+            buffer.Write(badData, 0, badData.Length);
+            buffer.Position = 0;
+
+            TestOSHttpResponse response = new TestOSHttpResponse();
+            asph.Handle(null, buffer, null, response);
+
+            Assert.That(response.StatusCode, Is.EqualTo((int)HttpStatusCode.BadRequest));
+        }
    }
 }