Apache OpenOffice (AOO) Bugzilla – Issue 121926
webdav ucp: malformed PROPFIND request body
Last modified: 2022-10-28 12:54:26 UTC
All PROPFIND requests fail. Looking at the apache server log, reveals that the request body is malformed: [Thu Mar 21 00:36:46.999020 2013] [core:error] [pid 1114] [client ::1:44866] AH00541: XML Parser Error: XML parser error code: not well-formed (invalid token) (4) The server response: HTTP/1.1 400 Bad Request Date: Thu, 21 Mar 2013 03:36:46 GMT Server: Apache/2.4.3 (Fedora) OpenSSL/1.0.1e-fips PHP/5.4.12 mod_wsgi/3.4 Python/2.7.3 mod_perl/2.0.7 Perl/v5.16.2 Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>400 Bad Request</title> </head><body> <h1>Bad Request</h1> <p>Your browser sent a request that this server could not understand.<br /> </p> </body></html> Looking at the code http://svn.apache.org/viewvc/incubator/ooo/trunk/main/ucb/source/ucp/webdav/SerfPropFindReqProcImpl.cxx?revision=1351981&view=markup#l139 139 body_bkt = SERF_BUCKET_SIMPLE_STRING( rtl::OUStringToOString( aBodyText, RTL_TEXTENCODING_UTF8 ), 140 pSerfBucketAlloc ); a) this is passing the rtl::OString, not a null terminated string b) when the rtl string dies, the body bucket will point to garbage, looking at the code in serf: serf_bucket_t *serf_bucket_simple_create( const char *data, apr_size_t len, serf_simple_freefunc_t freefunc, void *freefunc_baton, serf_bucket_alloc_t *allocator) { simple_context_t *ctx; ctx = serf_bucket_mem_alloc(allocator, sizeof(*ctx)); ctx->original = ctx->current = data; ctx->remaining = len; ctx->freefunc = freefunc; ctx->baton = freefunc_baton; return serf_bucket_create(&serf_bucket_type_simple, allocator, ctx); } data is not copied. This will only work for string literals in read-only storage that live longer than the function call. In this case, the string content is freed when SerfPropFindReqProcImpl::createSerfRequestBucket returns. This way, the PROPFIND request body has garbage.
PROPPATCH is also affected. The fix is the same for both PROPFIND and PROPPATCH. Testing the fix with PROPPATCH is quite impossible, because add/removeProperty don't allow setting a css.ucb.XCommandEnvironment to authenticate to the WEBDAV server. Opening a bug for this.
"arielch" committed SVN revision 1460356 into trunk: i121926 - fix malformed PROPFIND/PROPPATCH request body
Fixed on trunk