Application Security Testing: An Integral Part of DevOps
This is the first in a series of tips being posted based on the most read posts in one of our ASP Forums.
Problem / Question:
When .docx files are downloaded from an ASP page, they can give an error when opened in Word. The error is:
"The Open Office XML File cannot be opened because there are problems with the contents. (Details: The file is corrupt and cannot be opened)".
The files themselves are fine, because they can be opened normally accessed via other means. The ASP download page works fine with other file types (doc, pdf, etc.); however, the same problem occurs for other Office (2007) formats. It appears that something is incorrect with the ASP code with respect to Office file formats; however, I cannot identify the problem. Below is the relevant code snippet.
Set objFSO = Server.CreateObject("Scripting.FileSystemObject") Set objFile = objFSO.GetFile(strAbsFile) Response.Clear Response.AddHeader "Content-Disposition", "attachment; filename=" & objFile.Name Response.AddHeader "Content-Length", objFile.Size Response.ContentType = "application/octet-stream" Set objStream = Server.CreateObject("ADODB.Stream") objStream.Open objStream.Type = 1 Response.CharSet = "UTF-8" objStream.LoadFromFile(strAbsFile) Response.BinaryWrite(objStream.Read)
Any help or insight would be appreciated.
The problem was that my ASP download page continued to write output *after* the Response.BinaryWrite command. Removing the later content, or adding a Response.End afterward, resolves the issue.
Many file formats can handle extraneous trailing data. For example, JPG images have the number of bytes in the following data encoded in the header to the image (invisible to you), so extra bytes don't matter. XML, however, is *VERY* fussy and does *NOT* allow *ANYTHING* that is not properly enclosed in XML tags.
Based on posts by forum members Adamroth and answer by Bill Wilkerson