3 files changed, 92 insertions, 19 deletions
diff --git a/indra/llmessage/lliohttpserver.cpp b/indra/llmessage/lliohttpserver.cpp
index 83dfa94f00..ce815cc85b 100644
--- a/indra/llmessage/lliohttpserver.cpp
+++ b/indra/llmessage/lliohttpserver.cpp
@@ -520,7 +520,7 @@ protected:
 	 * seek orfor string assignment.
 	 * @returns Returns true if a line was found.
 	 */
-	bool readLine(
+	bool readHeaderLine(
 		const LLChannelDescriptors& channels,
 		buffer_ptr_t buffer,
 		U8* dest,
@@ -591,7 +591,7 @@ LLHTTPResponder::~LLHTTPResponder()
 	//lldebugs << "destroying LLHTTPResponder" << llendl;
 }
 
-bool LLHTTPResponder::readLine(
+bool LLHTTPResponder::readHeaderLine(
 	const LLChannelDescriptors& channels,
 	buffer_ptr_t buffer,
 	U8* dest,
@@ -669,7 +669,7 @@ LLIOPipe::EStatus LLHTTPResponder::process_impl(
 #endif
 		
 		PUMP_DEBUG;
-		if(readLine(channels, buffer, (U8*)buf, len))
+		if(readHeaderLine(channels, buffer, (U8*)buf, len))
 		{
 			bool read_next_line = false;
 			bool parse_all = true;
@@ -733,7 +733,13 @@ LLIOPipe::EStatus LLHTTPResponder::process_impl(
 					if(read_next_line)
 					{
 						len = HEADER_BUFFER_SIZE;	
-						readLine(channels, buffer, (U8*)buf, len);
+						if (!readHeaderLine(channels, buffer, (U8*)buf, len))
+						{
+							// Failed to read the header line, probably too long.
+							// readHeaderLine already marked the channel/buffer as bad.
+							keep_parsing = false;
+							break;
+						}
 					}
 					if(0 == len)
 					{
diff --git a/indra/llmessage/llxfermanager.cpp b/indra/llmessage/llxfermanager.cpp
index 08c9192c9f..209bdb2249 100644
--- a/indra/llmessage/llxfermanager.cpp
+++ b/indra/llmessage/llxfermanager.cpp
@@ -760,30 +760,36 @@ static bool remove_prefix(std::string& filename, const std::string& prefix)
 static bool verify_cache_filename(const std::string& filename)
 {
 	//NOTE: This routine is only used to check file names that our own
-	// code places in the cache directory.  As such, it can be limited
-	// to this very restrictive file name pattern.  It does not need to
-	// handle other characters.
-
+	// code places in the cache directory.	As such, it can be limited
+	// to this very restrictive file name pattern.	It does not need to
+	// handle other characters. The only known uses of this are (with examples):
+	//	sim to sim object pass:			fc0b72d8-9456-63d9-a802-a557ef847313.tmp
+	//	sim to viewer mute list:		mute_b78eacd0-1244-448e-93ca-28ede242f647.tmp
+	//	sim to viewer task inventory:	inventory_d8ab59d2-baf0-0e79-c4c2-a3f99b9fcf45.tmp
+	
+	//IMPORTANT: Do not broaden the filenames accepted by this routine
+	// without careful analysis. Anything allowed by this function can
+	// be downloaded by the viewer.
+	
 	size_t len = filename.size();
-	//const boost::regex expr("[a-zA-Z0-9][-_.a-zA-Z0-9]<0,49>");
-	if (len < 1 || len > 50)
-	{
+	//const boost::regex expr("[0-9a-zA-Z_-]<1,46>\.tmp");
+	if (len < 5 || len > 50)
+	{	
 		return false;
 	}
-	for(unsigned i=0; i<len; ++i)
-	{
+	for(size_t i=0; i<(len-4); ++i)
+	{	
 		char c = filename[i];
-		bool ok = isalnum(c);
-		if (!ok && i > 0)
-		{
-			ok = '_'==c || '-'==c || '.'==c;
-		}
+		bool ok = isalnum(c) || '_'==c || '-'==c;
 		if (!ok)
 		{
 			return false;
 		}
 	}
-	return true;
+	return filename[len-4] == '.'
+		&& filename[len-3] == 't'
+		&& filename[len-2] == 'm'
+		&& filename[len-1] == 'p';
 }
 
 void LLXferManager::processFileRequest (LLMessageSystem *mesgsys, void ** /*user_data*/)
diff --git a/indra/llmessage/tests/llmockhttpclient.h b/indra/llmessage/tests/llmockhttpclient.h
new file mode 100644
index 0000000000..2f55e97fcc
--- /dev/null
+++ b/indra/llmessage/tests/llmockhttpclient.h
@@ -0,0 +1,61 @@
+/** 
+ * @file 
+ * @brief 
+ *
+ * $LicenseInfo:firstyear=2008&license=viewergpl$
+ * 
+ * Copyright (c) 2008, Linden Research, Inc.
+ * 
+ * The following source code is PROPRIETARY AND CONFIDENTIAL. Use of
+ * this source code is governed by the Linden Lab Source Code Disclosure
+ * Agreement ("Agreement") previously entered between you and Linden
+ * Lab. By accessing, using, copying, modifying or distributing this
+ * software, you acknowledge that you have been informed of your
+ * obligations under the Agreement and agree to abide by those obligations.
+ * 
+ * ALL LINDEN LAB SOURCE CODE IS PROVIDED "AS IS." LINDEN LAB MAKES NO
+ * WARRANTIES, EXPRESS, IMPLIED OR OTHERWISE, REGARDING ITS ACCURACY,
+ * COMPLETENESS OR PERFORMANCE.
+ * $/LicenseInfo$
+ */
+
+/* Macro Definitions */
+#ifndef LL_LLMOCKHTTPCLIENT_H
+#define LL_LLMOCKHTTPCLIENT_H
+
+#include "linden_common.h"
+#include "llhttpclientinterface.h"
+
+#include <gmock/gmock.h>
+
+class LLMockHTTPClient : public LLHTTPClientInterface
+{
+public:
+  MOCK_METHOD2(get, void(const std::string& url, LLCurl::ResponderPtr responder));
+  MOCK_METHOD3(get, void(const std::string& url, LLCurl::ResponderPtr responder, const LLSD& headers));
+  MOCK_METHOD3(put, void(const std::string& url, const LLSD& body, LLCurl::ResponderPtr responder));
+};
+
+// A helper to match responder types
+template<typename T>
+struct ResponderType
+{
+	bool operator()(LLCurl::ResponderPtr ptr) const
+	{
+		T* p = dynamic_cast<T*>(ptr.get());
+		return p != NULL;
+	}
+};
+
+inline bool operator==(const LLSD& l, const LLSD& r)
+{
+	std::ostringstream ls, rs;
+	ls << l;
+	rs << r;
+	return ls.str() == rs.str();
+
+}
+
+
+#endif //LL_LLMOCKHTTPCLIENT_H
+