From 6335e5426c2de1e6c97e249fe94dc00ae34c03de Mon Sep 17 00:00:00 2001
From: brenosilva
Date: Sun, 14 Oct 2012 23:47:27 +0000
Subject: [PATCH] Added MULTIPART_INVALID_PART flag

---
 apache2/msc_multipart.c | 9 +++++++--
 apache2/msc_multipart.h | 1 +
 apache2/re_variables.c | 24 ++++++++++++++++++++++++
 modsecurity.conf-recommended | 1 +
 4 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/apache2/msc_multipart.c b/apache2/msc_multipart.c
index 69b37694..82d4298f 100644
--- a/apache2/msc_multipart.c
+++ b/apache2/msc_multipart.c
@@ -654,6 +654,7 @@ static int multipart_process_boundary(modsec_rec *msr, int last_part, char **err
 }
 }
 else {
+ msr->mpd->flag_invalid_part = 1;
 msr_log(msr, 3, "Multipart: Skipping invalid part %pp (part name missing): "
 "(offset %u, length %u)", msr->mpd->mpp,
 msr->mpd->mpp->offset, msr->mpd->mpp->length);
@@ -945,7 +946,7 @@ int multipart_complete(modsec_rec *msr, char **error_msg) {

 if (msr->mpd->flag_header_folding) {
 msr_log(msr, 4, "Multipart: Warning: header folding used.");
- }
+ }

 if (msr->mpd->flag_crlf_line && msr->mpd->flag_lf_line) {
 msr_log(msr, 4, "Multipart: Warning: mixed line endings used (CRLF/LF).");
@@ -962,9 +963,13 @@ int multipart_complete(modsec_rec *msr, char **error_msg) {
 msr_log(msr, 4, "Multipart: Warning: invalid quoting used.");
 }

+ if (msr->mpd->flag_invalid_part) {
+ msr_log(msr, 4, "Multipart: Warning: invalid part parsing.");
+ }
+
 if (msr->mpd->flag_invalid_header_folding) {
 msr_log(msr, 4, "Multipart: Warning: invalid header folding used.");
- }
+ }
 }

 if ((msr->mpd->seen_data != 0) && (msr->mpd->is_complete == 0)) {
diff --git a/apache2/msc_multipart.h b/apache2/msc_multipart.h
index 7d956095..fcc85a4c 100644
--- a/apache2/msc_multipart.h
+++ b/apache2/msc_multipart.h
@@ -117,6 +117,7 @@ struct multipart_data {
 int flag_boundary_whitespace;
 int flag_missing_semicolon;
 int flag_invalid_quoting;
+ int flag_invalid_part;
 int flag_invalid_header_folding;
 int flag_file_limit_exceeded;
 };
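Review bot: The `msr->mpd->flag_invalid_part = 1;` added in the else branch of multipart_process_boundary (apache2/msc_multipart.c, first hunk) has no comment saying why a part without a name matters. Per the log call right below it the part is skipped, so presumably its content never reaches the rule variables and this flag is the only signal a rule can act on. I would add above the assignment `/* Part without a name is skipped, not inspected; flag it so MULTIPART_INVALID_PART and MULTIPART_STRICT_ERROR can reject the request. */`, and give the new `int flag_invalid_part;` member in apache2/msc_multipart.h a matching one-line comment. The function body starts and ends outside the hunk.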
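Review bot: In multipart_complete (apache2/msc_multipart.c, third hunk) the new warning text `invalid part parsing.` does not say what was wrong, while the only place this patch sets the flag logs "part name missing". A message such as `msr_log(msr, 4, "Multipart: Warning: invalid part skipped (part name missing).");` would let someone reading the debug log tie the warning to its cause, assuming no other condition is meant to set the flag later. The two `}` lines changed in this file look like whitespace-only edits and could be left out of this commit. multipart_complete begins and ends outside the hunk.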
diff --git a/apache2/re_variables.c b/apache2/re_variables.c
index 80f40f5b..a4f92cbb 100644
--- a/apache2/re_variables.c
+++ b/apache2/re_variables.c
@@ -1397,6 +1397,18 @@ static int var_multipart_missing_semicolon_generate(modsec_rec *msr, msre_var *v
 }
 }

+/* MULTIPART_INVALID_PART */
+
+static int var_multipart_invalid_part_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
+ apr_table_t *vartab, apr_pool_t *mptmp)
+{
+ if ((msr->mpd != NULL)&&(msr->mpd->flag_invalid_part != 0)) {
+ return var_simple_generate(var, vartab, mptmp, "1");
+ } else {
+ return var_simple_generate(var, vartab, mptmp, "0");
+ }
+}
+
 /* MULTIPART_INVALID_QUOTING */

 static int var_multipart_invalid_quoting_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
@@ -1449,6 +1461,7 @@ static int var_multipart_strict_error_generate(modsec_rec *msr, msre_var *var, m
 ||(msr->mpd->flag_lf_line != 0)
 ||(msr->mpd->flag_missing_semicolon != 0)
 ||(msr->mpd->flag_invalid_quoting != 0)
+ ||(msr->mpd->flag_invalid_part != 0)
 ||(msr->mpd->flag_invalid_header_folding != 0)
 ||(msr->mpd->flag_file_limit_exceeded != 0)
 ) {
@@ -2899,6 +2912,17 @@ void msre_engine_register_default_variables(msre_engine *engine) {
 PHASE_REQUEST_BODY
 );

+ /* MULTIPART_INVALID_PART */
+ msre_engine_variable_register(engine,
+ "MULTIPART_INVALID_PART",
+ VAR_SIMPLE,
+ 0, 0,
+ NULL,
+ var_multipart_invalid_part_generate,
+ VAR_DONT_CACHE, /* flag */
+ PHASE_REQUEST_BODY
+ );
+
 /* MULTIPART_INVALID_QUOTING */
 msre_engine_variable_register(engine,
 "MULTIPART_INVALID_QUOTING",
diff --git a/modsecurity.conf-recommended b/modsecurity.conf-recommended
index e705f177..2f8c9464 100644
--- a/modsecurity.conf-recommended
+++ b/modsecurity.conf-recommended
@@ -70,6 +70,7 @@ HF %{MULTIPART_HEADER_FOLDING}, \
 LF %{MULTIPART_LF_LINE}, \
 SM %{MULTIPART_MISSING_SEMICOLON}, \
 IQ %{MULTIPART_INVALID_QUOTING}, \
+IQ %{MULTIPART_INVALID_PART}, \
 IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
 IH %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
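Review bot: The comment above var_multipart_invalid_part_generate (apache2/re_variables.c, first hunk) only repeats the variable name and does not say what the value means. I would replace it with `/* MULTIPART_INVALID_PART: "1" when the multipart parser set flag_invalid_part (a part was skipped), "0" otherwise, including when msr->mpd is NULL. */`, which covers both branches visible in the hunk. The `rule` parameter is unused in the visible body; presumably the signature is fixed by the generator callback type, which is outside this hunk.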
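Review bot: Adding `||(msr->mpd->flag_invalid_part != 0)` to var_multipart_strict_error_generate (apache2/re_variables.c, second hunk) widens what MULTIPART_STRICT_ERROR reports, and nothing in this patch documents that. Any deployed rule that acts on MULTIPART_STRICT_ERROR will start matching requests that contain a skipped part after an upgrade, which is presumably the intent but is an operator-visible change. I would record it in the changelog and in the reference entry for the variable, e.g. `MULTIPART_STRICT_ERROR is now also set when MULTIPART_INVALID_PART is set.` The condition and the function both start outside the hunk.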
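Review bot: The added line `IQ %{MULTIPART_INVALID_PART}, \` in modsecurity.conf-recommended reuses the label `IQ`, which the line directly above already uses for MULTIPART_INVALID_QUOTING, so the resulting message carries two `IQ` fields and an analyst triaging the alert cannot tell from the label which flag fired. Give the new field its own label, e.g. `IP %{MULTIPART_INVALID_PART}, \`. The same ambiguity is visible in the two `IH` context lines that follow (MULTIPART_INVALID_HEADER_FOLDING and MULTIPART_FILE_LIMIT_EXCEEDED); that one predates this patch but could be fixed alongside. The rule these lines belong to starts outside the hunk.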