Fixed data collecting in multipart parsing

2025-08-13 13:26:01 +03:00 · 2019-02-01 23:11:56 +00:00 · 2019-02-01 23:11:56 +00:00 · 17d79ed7ba
commit 17d79ed7ba
parent ac61bf5fda
2 changed files with 67 additions and 2 deletions
--- a/src/request_body_processor/multipart.cc
+++ b/src/request_body_processor/multipart.cc
@ -1080,8 +1080,8 @@ int Multipart::multipart_complete(std::string *error) {
            m_transaction->m_variableFiles.set(m->m_filename,
                m->m_filename, m->m_filenameOffset);

-            m_transaction->m_variableFilesNames.set(m->m_filename,
-                m->m_filename, m->m_filenameOffset);
+            m_transaction->m_variableFilesNames.set(m->m_name,
+                m->m_name, m->m_nameOffset);

            m_transaction->m_variableFilesSizes.set(m->m_name,
                std::to_string(m->m_tmp_file_size.first),
--- a/test/test-cases/regression/rule-920120.json
+++ b/test/test-cases/regression/rule-920120.json
@ -0,0 +1,65 @@
+[
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: OWASP CRS id:920120",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept-Language":"en-us,en;q=0.5",
+        "Accept":"*/*",
+        "Content-Length":"411",
+        "Content-Type":"multipart/form-data; boundary=---------------------------265001916915724",
+        "Proxy-Connection":"keep-alive",
+        "Keep-Alive":"300"
+      },
+      "uri":"/",
+      "method":"POST",
+      "body": [
+        "-----------------------------265001916915724\r",
+        "Content-Disposition: form-data; name=\"fi;le\"; filename=\"test\"\r",
+        "Content-Type: application/octet-stream\r",
+        "\r",
+        "Rotem & Ayala\r",
+        "\r",
+        "-----------------------------265001916915724\r",
+        "Content-Disposition: form-data; name=\"name\"\r",
+        "\r",
+        "tt2\r",
+        "-----------------------------265001916915724\r",
+        "Content-Disposition: form-data; name=\"B1\"\r",
+        "\r",
+        "Submit\r",
+        "-----------------------------265001916915724--\r"
+      ]
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "http_code":400
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecDefaultAction \"phase:2,deny,block,status:400,log\"",
+      "SecRule FILES_NAMES|FILES \"@rx (?<!&(?:[aAoOuUyY]uml)|&(?:[aAeEiIoOuU]circ)|&(?:[eEiIoOuUyY]acute)|&(?:[aAeEiIoOuU]grave)|&(?:[cC]cedil)|&(?:[aAnNoO]tilde)|&(?:amp)|&(?:apos));|['\\\"=]\" \"id:920120,phase:2,block,t:none,t:urlDecodeUni,msg:'Attempted multipart/form-data bypass',logdata:'%{MATCHED_VAR}',tag:'application-multi',tag:'language-multi',tag:'platform-multi',tag:'attack-protocol',tag:'OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ',tag:'CAPEC-272',ver:'OWASP_CRS/3.1.0',severity:'CRITICAL',setvar:'tx.msg=%{rule.msg}',setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ-%{MATCHED_VAR_NAME}=%{MATCHED_VAR}'\""
+    ]
+  }
+]
+