From 5df3865c94275ae52ff3f1115a9175e01ab272ec Mon Sep 17 00:00:00 2001
From: ivanr
Date: Mon, 20 Aug 2007 15:25:05 +0000
Subject: [PATCH] Fix LF line detection, add MULTIPART_CRLF_LINE, MULTIPART_CRLF_LF_LINES.
---
 apache2/msc_multipart.c | 28 +++++++++++++++++++-----
 apache2/msc_multipart.h | 1 +
 apache2/re_variables.c | 47 +++++++++++++++++++++++++++++++++++++++++
 3 files changed, 71 insertions(+), 5 deletions(-)
diff --git a/apache2/msc_multipart.c b/apache2/msc_multipart.c
index 2ec983da..5e4d79fc 100644
--- a/apache2/msc_multipart.c
+++ b/apache2/msc_multipart.c
@@ -172,17 +172,28 @@ static int multipart_parse_content_disposition(modsec_rec *msr, char *c_d_value)
 *
 */
 static int multipart_process_part_header(modsec_rec *msr, char **error_msg) {
- int i, rc;
+ int i, len, rc;
 if (error_msg == NULL) return -1;
 *error_msg = NULL;
 /* Check for nul bytes. */
- for(i = 0; i < (MULTIPART_BUF_SIZE - msr->mpd->bufleft); i++) {
+ len = MULTIPART_BUF_SIZE - msr->mpd->bufleft;
+ for(i = 0; i < len; i++) {
 if (msr->mpd->buf[i] == '\0') {
 *error_msg = apr_psprintf(msr->mp, "Multipart: Nul byte in part headers.");
 return -1;
+ }
+ }
+
+ if (len > 1) {
+ if (msr->mpd->buf[len - 2] == '\r') {
+ msr->mpd->flag_lf_line = 1;
+ } else {
+ msr->mpd->flag_crlf_line = 1;
 }
+ } else {
+ msr->mpd->flag_lf_line = 1;
 }
 /* Is this an empty line? */
@@ -196,9 +207,11 @@ static int multipart_process_part_header(modsec_rec *msr, char **error_msg) {
 /* Empty line. */
- if (msr->mpd->buf[0] == '\n') {
- msr->mpd->flag_lf_line = 1;
- }
+ //if (msr->mpd->buf[0] == '\n') {
+ // msr->mpd->flag_lf_line = 1;
+ //} else {
+ // msr->mpd->flag_crlf_line = 1;
+ //}
 header_value = (char *)apr_table_get(msr->mpd->mpp->headers, "Content-Disposition");
 if (header_value == NULL) {
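Review bot: The new line-ending test in multipart_process_part_header looks inverted: when `msr->mpd->buf[len - 2] == '\r'` the line ended in CRLF, yet that branch sets `flag_lf_line`, while a bare-LF line falls to the `else` and sets `flag_crlf_line`. The assignments should be swapped, `if (msr->mpd->buf[len - 2] == '\r') { msr->mpd->flag_crlf_line = 1; } else { msr->mpd->flag_lf_line = 1; }`; as written, MULTIPART_LF_LINE would be raised by ordinary CRLF part headers and stay clear for LF-only ones, so rules built on these variables would both false-positive and miss the anomaly they exist to flag. The test also presumes `buf[len - 1]` is the terminating '\n', which this hunk does not show being checked, so a short comment stating that precondition would help. The function body continues beyond the hunk.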
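Review bot: The old empty-line check is left behind as five `//`-commented lines instead of being deleted; the detection now happens in the block added earlier in this function, so the dead code should go (the history keeps it) or be replaced by a single comment such as `/* Line-ending flags are set above, before the empty-line test. */`. The bare `// XXX` added in the next hunk, in the "Header line." branch, has the same problem: it records that something is outstanding without saying what, so either spell out the open question or drop the marker. Both hunks sit inside multipart_process_part_header, whose body extends beyond them.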
@@ -237,6 +250,9 @@ static int multipart_process_part_header(modsec_rec *msr, char **error_msg) {
 msr->mpd->mpp->last_header_name = NULL;
 } else {
 /* Header line. */
+
+ // XXX
+
 if ((msr->mpd->buf[0] == '\t')||(msr->mpd->buf[0] == ' ')) {
 char *header_value, *new_value, *data;
@@ -838,6 +854,8 @@ int multipart_process_chunk(modsec_rec *msr, const char *buf,
 {
 if (*boundary_end == '\n') {
 msr->mpd->flag_lf_line = 1;
+ } else {
+ msr->mpd->flag_crlf_line = 1;
 }
 if (multipart_process_boundary(msr, (is_final ? 1 : 0), error_msg) < 0) {
diff --git a/apache2/msc_multipart.h b/apache2/msc_multipart.h
index ff9488dc..54022c6b 100644
--- a/apache2/msc_multipart.h
+++ b/apache2/msc_multipart.h
@@ -105,6 +105,7 @@ struct multipart_data {
 int flag_header_folding;
 int flag_boundary_quoted;
 int flag_lf_line;
+ int flag_crlf_line;
 int flag_unmatched_boundary;
 int flag_boundary_whitespace;
 };
diff --git a/apache2/re_variables.c b/apache2/re_variables.c
index 402ea64a..ca7b646e 100644
--- a/apache2/re_variables.c
+++ b/apache2/re_variables.c
@@ -1711,6 +1711,30 @@ static int var_multipart_header_folding_generate(modsec_rec *msr, msre_var *var,
 }
 }
+/* MULTIPART_CRLF_LINE */
+
+static int var_multipart_crlf_line_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
+ apr_table_t *vartab, apr_pool_t *mptmp)
+{
+ if ((msr->mpd != NULL)&&(msr->mpd->flag_crlf_line != 0)) {
+ return var_simple_generate(var, vartab, mptmp, "1");
+ } else {
+ return var_simple_generate(var, vartab, mptmp, "0");
+ }
+}
+
+/* MULTIPART_CRLF_LF_LINES */
+
+static int var_multipart_crlf_lf_lines_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
+ apr_table_t *vartab, apr_pool_t *mptmp)
+{
+ if ((msr->mpd != NULL)&&(msr->mpd->flag_lf_line != 0)&&(msr->mpd->flag_crlf_line != 0)) {
+ return var_simple_generate(var, vartab, mptmp, "1");
+ } else {
+ return var_simple_generate(var, vartab, mptmp, "0");
+ }
+}
+
 /* MULTIPART_LF_LINE */
 static int var_multipart_lf_line_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
@@ -2593,6 +2617,29 @@ void msre_engine_register_default_variables(msre_engine *engine) {
 PHASE_REQUEST_BODY
 );
+ /* MULTIPART_CRLF_LINE */
+ msre_engine_variable_register(engine,
+ "MULTIPART_CRLF_LINE",
+ VAR_SIMPLE,
+ 0, 0,
+ NULL,
+ var_multipart_crlf_line_generate,
+ VAR_CACHE,
+ PHASE_REQUEST_BODY
+ );
+
+ /* MULTIPART_CRLF_LF_LINES */
+ msre_engine_variable_register(engine,
+ "MULTIPART_CRLF_LF_LINES",
+ VAR_SIMPLE,
+ 0, 0,
+ NULL,
+ var_multipart_crlf_lf_lines_generate,
+ VAR_CACHE,
+ PHASE_REQUEST_BODY
+ );
+
+
 /* MULTIPART_LF_LINE */
 msre_engine_variable_register(engine,
 "MULTIPART_LF_LINE",
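Review bot: The header comments on the two new generators, `/* MULTIPART_CRLF_LINE */` and `/* MULTIPART_CRLF_LF_LINES */`, only repeat the variable names and leave the semantics to be read out of the conditions. Rule writers need to know that the second variable is "1" only when both `flag_lf_line` and `flag_crlf_line` were set for the same body, i.e. the request mixed line-ending styles, and that both variables yield "0" when `msr->mpd` is NULL. I would expand the comments accordingly, for example `/* MULTIPART_CRLF_LF_LINES: "1" when the body contained both CRLF- and LF-terminated lines, "0" otherwise or when no multipart data exists. */`. Mixed terminators are a sign that this parser and the backend may disagree on where parts begin and end, which is the reason the flag is worth documenting precisely.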