From a8933475b75d40713f80daf0a13039cf6ae380e3 Mon Sep 17 00:00:00 2001 From: brectanus Date: Wed, 10 Sep 2008 18:32:24 +0000 Subject: [PATCH] Added additional check for XML well formed. --- apache2/re_operators.c | 44 ++++++++++++++++++++---------- apache2/t/regression/rule/10-xml.t | 4 +-- 2 files changed, 32 insertions(+), 16 deletions(-) diff --git a/apache2/re_operators.c b/apache2/re_operators.c index 1545902c..f1c406ce 100644 --- a/apache2/re_operators.c +++ b/apache2/re_operators.c @@ -872,16 +872,24 @@ static int msre_op_validateDTD_execute(modsec_rec *msr, msre_rule *rule, msre_va xmlValidCtxtPtr cvp; xmlDtdPtr dtd; - if (msr->msc_reqbody_error) { - *error_msg = apr_psprintf(msr->mp, "XML: DTD validation could not proceed" - " due to previous processing errors."); + if ((msr->xml == NULL)||(msr->xml->doc == NULL)) { + *error_msg = apr_psprintf(msr->mp, + "XML document tree could not be found for DTD validation."); + return -1; + } + + if (msr->xml->well_formed != 1) { + *error_msg = apr_psprintf(msr->mp, + "XML: DTD validation failed because content is not well formed."); return 1; } - if ((msr->xml == NULL)||(msr->xml->doc == NULL)) { - *error_msg = apr_psprintf(msr->mp, "XML document tree could not be found for " - "DTD validation."); - return -1; + /* Make sure there were no other generic processing errors */ + if (msr->msc_reqbody_error) { + *error_msg = apr_psprintf(msr->mp, + "XML: DTD validation could not proceed due to previous" + " processing errors."); + return 1; } dtd = xmlParseDTD(NULL, (const xmlChar *)rule->op_param); /* EHN support relative filenames */ @@ -934,16 +942,24 @@ static int msre_op_validateSchema_execute(modsec_rec *msr, msre_rule *rule, msre xmlSchemaPtr schema; int rc; - if (msr->msc_reqbody_error) { - *error_msg = apr_psprintf(msr->mp, "XML: Schema validation could not proceed" - " due to previous processing errors."); + if ((msr->xml == NULL)||(msr->xml->doc == NULL)) { + *error_msg = apr_psprintf(msr->mp, + "XML document tree could not be found for schema validation."); + return -1; + } + + if (msr->xml->well_formed != 1) { + *error_msg = apr_psprintf(msr->mp, + "XML: Schema validation failed because content is not well formed."); return 1; } - if ((msr->xml == NULL)||(msr->xml->doc == NULL)) { - *error_msg = apr_psprintf(msr->mp, "XML document tree could not be found for " - "Schema validation."); - return -1; + /* Make sure there were no other generic processing errors */ + if (msr->msc_reqbody_error) { + *error_msg = apr_psprintf(msr->mp, + "XML: Schema validation could not proceed due to previous" + " processing errors."); + return 1; } parserCtx = xmlSchemaNewParserCtxt(rule->op_param); /* ENH support relative filenames */ diff --git a/apache2/t/regression/rule/10-xml.t b/apache2/t/regression/rule/10-xml.t index 21eff807..ab892c26 100644 --- a/apache2/t/regression/rule/10-xml.t +++ b/apache2/t/regression/rule/10-xml.t @@ -111,7 +111,7 @@ "phase:2,deny,id:12345" ), match_log => { - debug => [ qr/XML: Initialising parser.*XML: Parsing complete \(well_formed 0\).*XML parser error.*validation could not proceed due to previous processing errors/s, 1 ], + debug => [ qr/XML: Initialising parser.*XML: Parsing complete \(well_formed 0\).*XML parser error.*validation failed because content is not well formed/s, 1 ], -debug => [ qr/Failed to load|Successfully validated/, 1 ], -error => [ qr/Failed to load|Successfully validated/, 1 ], }, @@ -291,7 +291,7 @@ "phase:2,deny,id:12345" ), match_log => { - debug => [ qr/XML: Initialising parser.*XML: Parsing complete \(well_formed 0\).*XML parser error.*validation could not proceed due to previous processing errors/s, 1 ], + debug => [ qr/XML: Initialising parser.*XML: Parsing complete \(well_formed 0\).*XML parser error.*validation failed because content is not well formed/s, 1 ], -debug => [ qr/Failed to load|Successfully validated/, 1 ], -error => [ qr/Failed to load|Successfully validated/, 1 ], },