From 603a140eb7ad9069f09803c9267511884829da5a Mon Sep 17 00:00:00 2001 From: "Justin Clark-Casey (justincc)" Date: Thu, 22 Nov 2012 03:01:57 +0000 Subject: [PATCH] If an asset POST does not contain well-formed XML, return a 400 (Bad Request) HTTP status rather than simply dropping the request. --- .../Handlers/Asset/AssetServerPostHandler.cs | 15 ++++++++--- .../Tests/AssetServerPostHandlerTests.cs | 26 +++++++++++++++++++ 2 files changed, 38 insertions(+), 3 deletions(-) diff --git a/OpenSim/Server/Handlers/Asset/AssetServerPostHandler.cs b/OpenSim/Server/Handlers/Asset/AssetServerPostHandler.cs index 87b3d2dd32..a006fa8395 100644 --- a/OpenSim/Server/Handlers/Asset/AssetServerPostHandler.cs +++ b/OpenSim/Server/Handlers/Asset/AssetServerPostHandler.cs @@ -57,14 +57,23 @@ namespace OpenSim.Server.Handlers.Asset public override byte[] Handle(string path, Stream request, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) { + AssetBase asset; XmlSerializer xs = new XmlSerializer(typeof (AssetBase)); - AssetBase asset = (AssetBase) xs.Deserialize(request); + + try + { + asset = (AssetBase)xs.Deserialize(request); + } + catch (XmlException) + { + httpResponse.StatusCode = (int)HttpStatusCode.BadRequest; + return null; + } string[] p = SplitParams(path); if (p.Length > 1) { - bool result = - m_AssetService.UpdateContent(p[1], asset.Data); + bool result = m_AssetService.UpdateContent(p[1], asset.Data); xs = new XmlSerializer(typeof(bool)); return ServerUtils.SerializeResult(xs, result); diff --git a/OpenSim/Server/Handlers/Asset/Tests/AssetServerPostHandlerTests.cs b/OpenSim/Server/Handlers/Asset/Tests/AssetServerPostHandlerTests.cs index 9e82576df1..427fa1674d 100644 --- a/OpenSim/Server/Handlers/Asset/Tests/AssetServerPostHandlerTests.cs +++ b/OpenSim/Server/Handlers/Asset/Tests/AssetServerPostHandlerTests.cs @@ -27,6 +27,7 @@ using System; using System.IO; +using System.Net; using System.Text; using System.Xml; using System.Xml.Serialization; @@ -38,6 +39,7 @@ using OpenSim.Server.Handlers.Asset; using OpenSim.Services.AssetService; using OpenSim.Services.Interfaces; using OpenSim.Tests.Common; +using OpenSim.Tests.Common.Mock; namespace OpenSim.Server.Handlers.Asset.Test { @@ -80,5 +82,29 @@ namespace OpenSim.Server.Handlers.Asset.Test Assert.That(retrievedAsset, Is.Not.Null); } + + [Test] + public void TestBadXmlAssetStoreRequest() + { + TestHelpers.InMethod(); + + IConfigSource config = new IniConfigSource(); + config.AddConfig("AssetService"); + config.Configs["AssetService"].Set("StorageProvider", "OpenSim.Tests.Common.dll"); + + AssetService assetService = new AssetService(config); + + AssetServerPostHandler asph = new AssetServerPostHandler(assetService); + + MemoryStream buffer = new MemoryStream(); + byte[] badData = new byte[] { 0x48, 0x65, 0x6c, 0x6c, 0x6f }; + buffer.Write(badData, 0, badData.Length); + buffer.Position = 0; + + TestOSHttpResponse response = new TestOSHttpResponse(); + asph.Handle(null, buffer, null, response); + + Assert.That(response.StatusCode, Is.EqualTo((int)HttpStatusCode.BadRequest)); + } } } \ No newline at end of file