Multipart parsing fixes and new MULTIPART_PART_HEADERS collection

2025-09-30 11:44:32 +03:00 · 2022-09-07 11:09:47 -07:00
parent e0ff7ed945
commit 7a489bd07c
5 changed files with 231 additions and 42 deletions
--- a/apache2/re_variables.c
+++ b/apache2/re_variables.c
@@ -1394,6 +1394,52 @@ static int var_files_combined_size_generate(modsec_rec *msr, msre_var *var, msre
    return 1;
 }

+/* MULTIPART_PART_HEADERS */
+
+static int var_multipart_part_headers_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
+    apr_table_t *vartab, apr_pool_t *mptmp)
+{
+    multipart_part **parts = NULL;
+    int i, j, count = 0;
+
+    if (msr->mpd == NULL) return 0;
+
+    parts = (multipart_part **)msr->mpd->parts->elts;
+    for(i = 0; i < msr->mpd->parts->nelts; i++) {
+        int match = 0;
+
+        /* Figure out if we want to include this variable. */
+        if (var->param == NULL) match = 1;
+        else {
+            if (var->param_data != NULL) { /* Regex. */
+                char *my_error_msg = NULL;
+                if (!(msc_regexec((msc_regex_t *)var->param_data, parts[i]->name,
+                    strlen(parts[i]->name), &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+            } else { /* Simple comparison. */
+                if (strcasecmp(parts[i]->name, var->param) == 0) match = 1;
+            }
+        }
+
+        /* If we had a match add this argument to the collection. */
+        if (match) {
+            for (j = 0; j < parts[i]->header_lines->nelts; j++) {
+                char *header_line = ((char **)parts[i]->header_lines->elts)[j];
+                msre_var *rvar = apr_pmemdup(mptmp, var, sizeof(msre_var));
+
+                rvar->value = header_line;
+                rvar->value_len = strlen(rvar->value);
+                rvar->name = apr_psprintf(mptmp, "MULTIPART_PART_HEADERS:%s",
+                    log_escape_nq(mptmp, parts[i]->name));
+                apr_table_addn(vartab, rvar->name, (void *)rvar);
+
+                count++;
+	    }
+        }
+    }
+
+    return count;
+}
+
 /* MODSEC_BUILD */

 static int var_modsec_build_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
@@ -2966,6 +3012,17 @@ void msre_engine_register_default_variables(msre_engine *engine) {
        PHASE_REQUEST_BODY
    );

+    /* MULTIPART_PART_HEADERS */
+    msre_engine_variable_register(engine,
+        "MULTIPART_PART_HEADERS",
+        VAR_LIST,
+        0, 1,
+        var_generic_list_validate,
+        var_multipart_part_headers_generate,
+        VAR_CACHE,
+        PHASE_REQUEST_BODY
+    );
+
    /* GEO */
    msre_engine_variable_register(engine,
        "GEO",