github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-16 07:56:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

Better discovery of partial quoting evasion.

Browse Source
This commit is contained in:
ivanr 2007-08-10 14:51:55 +00:00
parent b1949b7ebc
commit 323f9f81a0
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apache2/msc_multipart.c
View File

@ -574,7 +574,11 @@ int multipart_init(modsec_rec *msr, char **error_msg) {
} }
} else { } else {
/* Not quoted. */ /* Not quoted. */
if (*b == '"') {
/* Test for partial quoting. */
if ( (*b == '"')
|| ((len >= 2)&&(*(b + len - 1) == '"')) )
{
*error_msg = apr_psprintf(msr->mp, "Invalid boundary (quote)."); *error_msg = apr_psprintf(msr->mp, "Invalid boundary (quote).");
return -1; return -1;
} }