Posted to issues@openoffice.apache.org by bu...@apache.org on 2013/03/21 04:56:21 UTC

[Bug 121926] New: webdav ucp: malformed PROPFIND request body

https://issues.apache.org/ooo/show_bug.cgi?id=121926

            Bug ID: 121926
        Issue Type: DEFECT
           Summary: webdav ucp: malformed PROPFIND request body
    Classification: Code
           Product: General
           Version: AOO 3.4.0
          Hardware: All
                OS: All
            Status: CONFIRMED
          Severity: normal
          Priority: P3
         Component: code
          Assignee: issues@openoffice.apache.org
          Reporter: arielch@apache.org
                CC: issues@openoffice.apache.org

All PROPFIND requests fail. Looking at the Apache server log reveals that the
request body is malformed:

[Thu Mar 21 00:36:46.999020 2013] [core:error] [pid 1114] [client ::1:44866]
AH00541: XML Parser Error: XML parser error code: not well-formed (invalid
token) (4)

The server response:

HTTP/1.1 400 Bad Request
Date: Thu, 21 Mar 2013 03:36:46 GMT
Server: Apache/2.4.3 (Fedora) OpenSSL/1.0.1e-fips PHP/5.4.12 mod_wsgi/3.4
Python/2.7.3 mod_perl/2.0.7 Perl/v5.16.2
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>


Looking at the code
http://svn.apache.org/viewvc/incubator/ooo/trunk/main/ucb/source/ucp/webdav/SerfPropFindReqProcImpl.cxx?revision=1351981&view=markup#l139

139     body_bkt = SERF_BUCKET_SIMPLE_STRING( rtl::OUStringToOString(
aBodyText, RTL_TEXTENCODING_UTF8 ),
140     pSerfBucketAlloc );

a) this is passing the rtl::OString, not a null-terminated string
b) when the rtl string dies, the body bucket will point to garbage, looking at
the code in serf:


serf_bucket_t *serf_bucket_simple_create(
    const char *data,
    apr_size_t len,
    serf_simple_freefunc_t freefunc,
    void *freefunc_baton,
    serf_bucket_alloc_t *allocator)
{
    simple_context_t *ctx;

    ctx = serf_bucket_mem_alloc(allocator, sizeof(*ctx));
    ctx->original = ctx->current = data;
    ctx->remaining = len;
    ctx->freefunc = freefunc;
    ctx->baton = freefunc_baton;

    return serf_bucket_create(&serf_bucket_type_simple, allocator, ctx);
}

data is not copied. This will only work for string literals in read-only
storage that live longer than the function call.
In this case, the string content is freed when
SerfPropFindReqProcImpl::createSerfRequestBucket returns.
This way, the PROPFIND request body has garbage.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
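
The lifetime problem described in this report, as an added example that is not part of the original report and is not serf or OpenOffice code. It is a stand-alone C model: simple_bucket, bucket_borrow, bucket_copy and body_survives are hypothetical names, and overwriting a scratch buffer stands in for the freed string storage.

```c
/* Added example: stand-alone model of the lifetime bug, not serf or AOO code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef void (*freefunc_t)(void *baton, const char *data);
/* Hypothetical bucket carrying the fields the quoted serf function fills in. */
typedef struct {
    const char *current;
    size_t remaining;
    freefunc_t freefunc;
    void *baton;
} simple_bucket;

/* Borrowing constructor: keeps the caller's pointer and copies nothing. */
static simple_bucket bucket_borrow(const char *data, size_t len) {
    simple_bucket b = { data, len, NULL, NULL };
    return b;
}

static void free_copy(void *baton, const char *data) { (void)baton; free((void *)data); }

/* Owning constructor: takes a private copy, released through freefunc. */
static simple_bucket bucket_copy(const char *data, size_t len) {
    simple_bucket b = { NULL, 0, free_copy, NULL };
    char *own = malloc(len);
    if (own != NULL) {
        memcpy(own, data, len);
        b.current = own;
        b.remaining = len;
    }
    return b;
}

/* Returns 1 if the body is intact after the source storage has been reused. */
static int body_survives(int copy) {
    static const char xml[] = "<propfind xmlns=\"DAV:\"><allprop/></propfind>"; /* constructed */
    char scratch[64];
    size_t len = sizeof xml - 1;
    memcpy(scratch, xml, len);
    simple_bucket b = copy ? bucket_copy(scratch, len) : bucket_borrow(scratch, len);
    memset(scratch, 0xEE, sizeof scratch); /* stands in for the freed OString buffer */
    int ok = b.remaining == len && memcmp(b.current, xml, len) == 0;
    if (b.freefunc) b.freefunc(b.baton, b.current);
    return ok;
}

int main(void) {
    printf("borrowed: %d, copied: %d\n", body_survives(0), body_survives(1));
}
```

The borrowed bucket ends up holding whatever the storage contains when the body is finally read, which is what the server then rejects as not well-formed XML; the copying bucket is unaffected by the caller's buffer going away.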

[Bug 121926] webdav ucp: malformed PROPFIND request body

Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=121926

--- Comment #2 from SVN Robot <sv...@dev.null.org> ---
"arielch" committed SVN revision 1460356 into trunk:
i121926 - fix malformed PROPFIND/PROPPATCH request body


[Bug 121926] webdav ucp: malformed PROPFIND request body

Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=121926

Ariel Constenla-Haile <ar...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |121845


[Bug 121926] webdav ucp: malformed PROPFIND request body

Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=121926

Ariel Constenla-Haile <ar...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |121202


[Bug 121926] webdav ucp: malformed PROPFIND request body

Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=121926

Ariel Constenla-Haile <ar...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CONFIRMED                   |RESOLVED
         Resolution|---                         |FIXED
           Assignee|issues@openoffice.apache.org|arielch@apache.org
   Target Milestone|---                         |AOO 4.0

--- Comment #3 from Ariel Constenla-Haile <ar...@apache.org> ---
Fixed on trunk


[Bug 121926] webdav ucp: malformed PROPFIND request body

Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=121926

--- Comment #1 from Ariel Constenla-Haile <ar...@apache.org> ---
PROPPATCH is also affected.
The fix is the same for both PROPFIND and PROPPATCH.

Testing the fix with PROPPATCH is quite impossible, because add/removeProperty
don't allow setting a css.ucb.XCommandEnvironment to authenticate to the WEBDAV
server. Opening a bug for this.
