Fix LF line detection, add MULTIPART_CRLF_LINE, MULTIPART_CRLF_LF_LINES.

2025-09-29 19:24:29 +03:00 · 2007-08-20 15:25:05 +00:00
parent 239fa00957
commit 608f7f2b44
3 changed files with 70 additions and 5 deletions
--- a/apache2/msc_multipart.c
+++ b/apache2/msc_multipart.c
@@ -172,17 +172,28 @@ static int multipart_parse_content_disposition(modsec_rec *msr, char *c_d_value)
 *
 */
 static int multipart_process_part_header(modsec_rec *msr, char **error_msg) {
-    int i, rc;
+    int i, len, rc;
    
    if (error_msg == NULL) return -1;
    *error_msg = NULL;

    /* Check for nul bytes. */
-    for(i = 0; i < (MULTIPART_BUF_SIZE - msr->mpd->bufleft); i++) {
+    len = MULTIPART_BUF_SIZE - msr->mpd->bufleft;
+    for(i = 0; i < len; i++) {
        if (msr->mpd->buf[i] == '\0') {
            *error_msg = apr_psprintf(msr->mp, "Multipart: Nul byte in part headers.");
            return -1;
+        }        
+    }
+
+    if (len > 1) {
+        if (msr->mpd->buf[len - 2] == '\r') {
+            msr->mpd->flag_lf_line = 1;
+        } else {
+            msr->mpd->flag_crlf_line = 1;
        }
+    } else {
+        msr->mpd->flag_lf_line = 1;
    }

    /* Is this an empty line? */
@@ -196,9 +207,11 @@ static int multipart_process_part_header(modsec_rec *msr, char **error_msg) {
        
        /* Empty line. */

-        if (msr->mpd->buf[0] == '\n') {
-            msr->mpd->flag_lf_line = 1;
-        }
+        //if (msr->mpd->buf[0] == '\n') {
+        //    msr->mpd->flag_lf_line = 1;
+        //} else {
+        //    msr->mpd->flag_crlf_line = 1;
+        //}

        header_value = (char *)apr_table_get(msr->mpd->mpp->headers, "Content-Disposition");
        if (header_value == NULL) {
@@ -237,6 +250,9 @@ static int multipart_process_part_header(modsec_rec *msr, char **error_msg) {
        msr->mpd->mpp->last_header_name = NULL;
    } else {
        /* Header line. */
+
+        // XXX
+
        if ((msr->mpd->buf[0] == '\t')||(msr->mpd->buf[0] == ' ')) {
            char *header_value, *new_value, *data;
            
@@ -838,6 +854,8 @@ int multipart_process_chunk(modsec_rec *msr, const char *buf,
                    {
                        if (*boundary_end == '\n') {
                            msr->mpd->flag_lf_line = 1;
+                        } else {
+                            msr->mpd->flag_crlf_line = 1;
                        }

                        if (multipart_process_boundary(msr, (is_final ? 1 : 0), error_msg) < 0) {