OpenSim
/
OpenSimMirror
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

If an asset POST does not contain well-formed XML, return a 400 (Bad Request) HTTP status rather than simply dropping the request.

0.7.4-extended
Justin Clark-Casey (justincc) 2012-11-22 03:01:57 +00:00
parent fd31f05cf0
commit 603a140eb7
2 changed files with 38 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
OpenSim/Server/Handlers/Asset/AssetServerPostHandler.cs
View File

@ -57,14 +57,23 @@ namespace OpenSim.Server.Handlers.Asset
public override byte[] Handle(string path, Stream request, public override byte[] Handle(string path, Stream request,
IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) IOSHttpRequest httpRequest, IOSHttpResponse httpResponse)
{ {
AssetBase asset;
XmlSerializer xs = new XmlSerializer(typeof (AssetBase)); XmlSerializer xs = new XmlSerializer(typeof (AssetBase));
AssetBase asset = (AssetBase) xs.Deserialize(request);
try
{
asset = (AssetBase)xs.Deserialize(request);
}
catch (XmlException)
{
httpResponse.StatusCode = (int)HttpStatusCode.BadRequest;
return null;
}
string[] p = SplitParams(path); string[] p = SplitParams(path);
if (p.Length > 1) if (p.Length > 1)
{ {
bool result = bool result = m_AssetService.UpdateContent(p[1], asset.Data);
m_AssetService.UpdateContent(p[1], asset.Data);
xs = new XmlSerializer(typeof(bool)); xs = new XmlSerializer(typeof(bool));
return ServerUtils.SerializeResult(xs, result); return ServerUtils.SerializeResult(xs, result);

26
OpenSim/Server/Handlers/Asset/Tests/AssetServerPostHandlerTests.cs
View File

@ -27,6 +27,7 @@
using System; using System;
using System.IO; using System.IO;
using System.Net;
using System.Text; using System.Text;
using System.Xml; using System.Xml;
using System.Xml.Serialization; using System.Xml.Serialization;
@ -38,6 +39,7 @@ using OpenSim.Server.Handlers.Asset;
using OpenSim.Services.AssetService; using OpenSim.Services.AssetService;
using OpenSim.Services.Interfaces; using OpenSim.Services.Interfaces;
using OpenSim.Tests.Common; using OpenSim.Tests.Common;
using OpenSim.Tests.Common.Mock;
namespace OpenSim.Server.Handlers.Asset.Test namespace OpenSim.Server.Handlers.Asset.Test
{ {
@ -80,5 +82,29 @@ namespace OpenSim.Server.Handlers.Asset.Test
Assert.That(retrievedAsset, Is.Not.Null); Assert.That(retrievedAsset, Is.Not.Null);
} }
[Test]
public void TestBadXmlAssetStoreRequest()
{
TestHelpers.InMethod();
IConfigSource config = new IniConfigSource();
config.AddConfig("AssetService");
config.Configs["AssetService"].Set("StorageProvider", "OpenSim.Tests.Common.dll");
AssetService assetService = new AssetService(config);
AssetServerPostHandler asph = new AssetServerPostHandler(assetService);
MemoryStream buffer = new MemoryStream();
byte[] badData = new byte[] { 0x48, 0x65, 0x6c, 0x6c, 0x6f };
buffer.Write(badData, 0, badData.Length);
buffer.Position = 0;
TestOSHttpResponse response = new TestOSHttpResponse();
asph.Handle(null, buffer, null, response);
Assert.That(response.StatusCode, Is.EqualTo((int)HttpStatusCode.BadRequest));
}
} }
} }