1/* Licensed to the Apache Software Foundation (ASF) under one or more 2 * contributor license agreements. See the NOTICE file distributed with 3 * this work for additional information regarding copyright ownership. 4 * The ASF licenses this file to You under the Apache License, Version 2.0 5 * (the "License"); you may not use this file except in compliance with 6 * the License. You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#include "apr_xml.h" 18 19#include "httpd.h" 20#include "http_protocol.h" 21#include "http_log.h" 22#include "http_core.h" 23 24#include "util_charset.h" 25#include "util_xml.h" 26 27 28/* used for reading input blocks */ 29#define READ_BLOCKSIZE 2048 30 31 32/* we know core's module_index is 0 */ 33#undef APLOG_MODULE_INDEX 34#define APLOG_MODULE_INDEX AP_CORE_MODULE_INDEX 35 36AP_DECLARE(int) ap_xml_parse_input(request_rec * r, apr_xml_doc **pdoc) 37{ 38 apr_xml_parser *parser; 39 apr_bucket_brigade *brigade; 40 int seen_eos; 41 apr_status_t status; 42 char errbuf[200]; 43 apr_size_t total_read = 0; 44 apr_size_t limit_xml_body = ap_get_limit_xml_body(r); 45 int result = HTTP_BAD_REQUEST; 46 47 parser = apr_xml_parser_create(r->pool); 48 brigade = apr_brigade_create(r->pool, r->connection->bucket_alloc); 49 50 seen_eos = 0; 51 total_read = 0; 52 53 do { 54 apr_bucket *bucket; 55 56 /* read the body, stuffing it into the parser */ 57 status = ap_get_brigade(r->input_filters, brigade, 58 AP_MODE_READBYTES, APR_BLOCK_READ, 59 READ_BLOCKSIZE); 60 61 if (status != APR_SUCCESS) { 62 goto read_error; 63 } 64 65 for (bucket = APR_BRIGADE_FIRST(brigade); 66 bucket != APR_BRIGADE_SENTINEL(brigade); 67 bucket = APR_BUCKET_NEXT(bucket)) 68 { 69 const char *data; 70 apr_size_t len; 71 72 if (APR_BUCKET_IS_EOS(bucket)) { 73 seen_eos = 1; 74 break; 75 } 76 77 if (APR_BUCKET_IS_METADATA(bucket)) { 78 continue; 79 } 80 81 status = apr_bucket_read(bucket, &data, &len, APR_BLOCK_READ); 82 if (status != APR_SUCCESS) { 83 goto read_error; 84 } 85 86 total_read += len; 87 if (limit_xml_body && total_read > limit_xml_body) { 88 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00539) 89 "XML request body is larger than the configured " 90 "limit of %lu", (unsigned long)limit_xml_body); 91 result = HTTP_REQUEST_ENTITY_TOO_LARGE; 92 goto read_error; 93 } 94 95 status = apr_xml_parser_feed(parser, data, len); 96 if (status) { 97 goto parser_error; 98 } 99 } 100 101 apr_brigade_cleanup(brigade); 102 } while (!seen_eos); 103 104 apr_brigade_destroy(brigade); 105 106 /* tell the parser that we're done */ 107 status = apr_xml_parser_done(parser, pdoc); 108 if (status) { 109 /* Some parsers are stupid and return an error on blank documents. */ 110 if (!total_read) { 111 *pdoc = NULL; 112 return OK; 113 } 114 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00540) 115 "XML parser error (at end). status=%d", status); 116 return HTTP_BAD_REQUEST; 117 } 118 119#if APR_CHARSET_EBCDIC 120 apr_xml_parser_convert_doc(r->pool, *pdoc, ap_hdrs_from_ascii); 121#endif 122 return OK; 123 124 parser_error: 125 (void) apr_xml_parser_geterror(parser, errbuf, sizeof(errbuf)); 126 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00541) 127 "XML Parser Error: %s", errbuf); 128 129 /* FALLTHRU */ 130 131 read_error: 132 /* make sure the parser is terminated */ 133 (void) apr_xml_parser_done(parser, NULL); 134 135 apr_brigade_destroy(brigade); 136 137 /* Apache will supply a default error, plus the error log above. */ 138 return result; 139} 140