You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@openoffice.apache.org by bu...@apache.org on 2013/03/21 04:56:21 UTC
[Bug 121926] New: webdav ucp: malformed PROPFIND request body
https://issues.apache.org/ooo/show_bug.cgi?id=121926
Bug ID: 121926
Issue Type: DEFECT
Summary: webdav ucp: malformed PROPFIND request body
Classification: Code
Product: General
Version: AOO 3.4.0
Hardware: All
OS: All
Status: CONFIRMED
Severity: normal
Priority: P3
Component: code
Assignee: issues@openoffice.apache.org
Reporter: arielch@apache.org
CC: issues@openoffice.apache.org
All PROPFIND requests fail. Looking at the apache server log, reveals that the
request body is malformed:
[Thu Mar 21 00:36:46.999020 2013] [core:error] [pid 1114] [client ::1:44866]
AH00541: XML Parser Error: XML parser error code: not well-formed (invalid
token) (4)
The server response:
HTTP/1.1 400 Bad Request
Date: Thu, 21 Mar 2013 03:36:46 GMT
Server: Apache/2.4.3 (Fedora) OpenSSL/1.0.1e-fips PHP/5.4.12 mod_wsgi/3.4
Python/2.7.3 mod_perl/2.0.7 Perl/v5.16.2
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
Looking at the code
http://svn.apache.org/viewvc/incubator/ooo/trunk/main/ucb/source/ucp/webdav/SerfPropFindReqProcImpl.cxx?revision=1351981&view=markup#l139
139 body_bkt = SERF_BUCKET_SIMPLE_STRING( rtl::OUStringToOString(
aBodyText, RTL_TEXTENCODING_UTF8 ),
140 pSerfBucketAlloc );
a) this is passing the rtl::OString, not a null terminated string
b) when the rtl string dies, the body bucket will point to garbage, looking at
the code in serf:
serf_bucket_t *serf_bucket_simple_create(
const char *data,
apr_size_t len,
serf_simple_freefunc_t freefunc,
void *freefunc_baton,
serf_bucket_alloc_t *allocator)
{
simple_context_t *ctx;
ctx = serf_bucket_mem_alloc(allocator, sizeof(*ctx));
ctx->original = ctx->current = data;
ctx->remaining = len;
ctx->freefunc = freefunc;
ctx->baton = freefunc_baton;
return serf_bucket_create(&serf_bucket_type_simple, allocator, ctx);
}
data is not copied. This will only work for string literals in read-only
storage that live longer than the function call.
In this case, the string content is freed when
SerfPropFindReqProcImpl::createSerfRequestBucket returns.
This way, the PROPFIND request body has garbage.
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
[Bug 121926] webdav ucp: malformed PROPFIND request body
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=121926
--- Comment #2 from SVN Robot <sv...@dev.null.org> ---
"arielch" committed SVN revision 1460356 into trunk:
i121926 - fix malformed PROPFIND/PROPPATCH request body
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
[Bug 121926] webdav ucp: malformed PROPFIND request body
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=121926
Ariel Constenla-Haile <ar...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |121845
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
[Bug 121926] webdav ucp: malformed PROPFIND request body
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=121926
Ariel Constenla-Haile <ar...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |121202
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
[Bug 121926] webdav ucp: malformed PROPFIND request body
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=121926
Ariel Constenla-Haile <ar...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|CONFIRMED |RESOLVED
Resolution|--- |FIXED
Assignee|issues@openoffice.apache.or |arielch@apache.org
|g |
Target Milestone|--- |AOO 4.0
--- Comment #3 from Ariel Constenla-Haile <ar...@apache.org> ---
Fixed on trunk
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
[Bug 121926] webdav ucp: malformed PROPFIND request body
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=121926
--- Comment #1 from Ariel Constenla-Haile <ar...@apache.org> ---
PROPPATCH is also affected.
The fix is the same for both PROPFIND and PROPPATCH.
Testing the fix with PROPPATCH is quite impossible, because add/removeProperty
don't allow setting a css.ucb.XCommandEnvironment to authenticate to the WEBDAV
server. Opening a bug for this.
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.