Added additional check for XML well formed.

apache2/re_operators.c

@@ -872,16 +872,24 @@ static int msre_op_validateDTD_execute(modsec_rec *msr, msre_rule *rule, msre_va
     xmlValidCtxtPtr cvp;
     xmlDtdPtr dtd;
 
-    if (msr->msc_reqbody_error) {
+    if ((msr->xml == NULL)||(msr->xml->doc == NULL)) {
-        *error_msg = apr_psprintf(msr->mp, "XML: DTD validation could not proceed"
+        *error_msg = apr_psprintf(msr->mp,
-            " due to previous processing errors.");
+            "XML document tree could not be found for DTD validation.");
+        return -1;
+    }
+
+    if (msr->xml->well_formed != 1) {
+        *error_msg = apr_psprintf(msr->mp,
+            "XML: DTD validation failed because content is not well formed.");
         return 1;
     }
 
-    if ((msr->xml == NULL)||(msr->xml->doc == NULL)) {
+    /* Make sure there were no other generic processing errors */
-        *error_msg = apr_psprintf(msr->mp, "XML document tree could not be found for "
+    if (msr->msc_reqbody_error) {
-            "DTD validation.");
+        *error_msg = apr_psprintf(msr->mp,
-        return -1;
+            "XML: DTD validation could not proceed due to previous"
+            " processing errors.");
+        return 1;
     }
 
     dtd = xmlParseDTD(NULL, (const xmlChar *)rule->op_param); /* EHN support relative filenames */
@@ -934,16 +942,24 @@ static int msre_op_validateSchema_execute(modsec_rec *msr, msre_rule *rule, msre
     xmlSchemaPtr schema;
     int rc;
 
-    if (msr->msc_reqbody_error) {
+    if ((msr->xml == NULL)||(msr->xml->doc == NULL)) {
-        *error_msg = apr_psprintf(msr->mp, "XML: Schema validation could not proceed"
+        *error_msg = apr_psprintf(msr->mp,
-            " due to previous processing errors.");
+            "XML document tree could not be found for schema validation.");
+        return -1;
+    }
+
+    if (msr->xml->well_formed != 1) {
+        *error_msg = apr_psprintf(msr->mp,
+            "XML: Schema validation failed because content is not well formed.");
         return 1;
     }
 
-    if ((msr->xml == NULL)||(msr->xml->doc == NULL)) {
+    /* Make sure there were no other generic processing errors */
-        *error_msg = apr_psprintf(msr->mp, "XML document tree could not be found for "
+    if (msr->msc_reqbody_error) {
-            "Schema validation.");
+        *error_msg = apr_psprintf(msr->mp,
-        return -1;
+            "XML: Schema validation could not proceed due to previous"
+            " processing errors.");
+        return 1;
     }
 
     parserCtx = xmlSchemaNewParserCtxt(rule->op_param); /* ENH support relative filenames */

apache2/t/regression/rule/10-xml.t

@@ -111,7 +111,7 @@
 		        "phase:2,deny,id:12345"
 	),
 	match_log => {
-		debug => [ qr/XML: Initialising parser.*XML: Parsing complete \(well_formed 0\).*XML parser error.*validation could not proceed due to previous processing errors/s, 1 ],
+		debug => [ qr/XML: Initialising parser.*XML: Parsing complete \(well_formed 0\).*XML parser error.*validation failed because content is not well formed/s, 1 ],
 		-debug => [ qr/Failed to load|Successfully validated/, 1 ],
 		-error => [ qr/Failed to load|Successfully validated/, 1 ],
 	},
@@ -291,7 +291,7 @@
 		        "phase:2,deny,id:12345"
 	),
 	match_log => {
-		debug => [ qr/XML: Initialising parser.*XML: Parsing complete \(well_formed 0\).*XML parser error.*validation could not proceed due to previous processing errors/s, 1 ],
+		debug => [ qr/XML: Initialising parser.*XML: Parsing complete \(well_formed 0\).*XML parser error.*validation failed because content is not well formed/s, 1 ],
 		-debug => [ qr/Failed to load|Successfully validated/, 1 ],
 		-error => [ qr/Failed to load|Successfully validated/, 1 ],
 	},