From f27c85cf472465377e9658723ddfadb44a25118d Mon Sep 17 00:00:00 2001 From: Ervin Hegedus Date: Tue, 13 Aug 2024 11:07:18 +0200 Subject: [PATCH 1/2] Check if the MP header contains invalid character --- apache2/msc_multipart.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/apache2/msc_multipart.c b/apache2/msc_multipart.c index 7d56dd64..92f466e3 100644 --- a/apache2/msc_multipart.c +++ b/apache2/msc_multipart.c @@ -402,7 +402,7 @@ static int multipart_process_part_header(modsec_rec *msr, char **error_msg) { if (msr->mpd->mpp->last_header_line != NULL) { *(char **)apr_array_push(msr->mpd->mpp->header_lines) = msr->mpd->mpp->last_header_line; msr_log(msr, 9, "Multipart: Added part header line \"%s\"", msr->mpd->mpp->last_header_line); - } + } data = msr->mpd->buf; @@ -424,6 +424,16 @@ static int multipart_process_part_header(modsec_rec *msr, char **error_msg) { return -1; } + /* check if multipart header contains any invalid characters */ + char *ch = header_name; + while(*ch != '\0') { + if (*ch < 33 || *ch > 126) { + *error_msg = apr_psprintf(msr->mp, "Multipart: Invalid part header (contains invalid character)."); + return -1; + } + ch++; + } + /* extract the value value */ data++; while((*data == '\t') || (*data == ' ')) data++; From e6e3417e9d642eadac2136c1ded2f36cc5cf5b92 Mon Sep 17 00:00:00 2001 From: Ervin Hegedus Date: Tue, 13 Aug 2024 11:07:44 +0200 Subject: [PATCH 2/2] Remove unnecessary assert() --- apache2/re_variables.c | 1 - 1 file changed, 1 deletion(-) diff --git a/apache2/re_variables.c b/apache2/re_variables.c index b3ea4fac..5bf307af 100644 --- a/apache2/re_variables.c +++ b/apache2/re_variables.c @@ -616,7 +616,6 @@ static int var_reqbody_processor_error_msg_generate(modsec_rec *msr, msre_var *v { assert(msr != NULL); assert(var != NULL); - assert(rule != NULL); assert(vartab != NULL); assert(mptmp != NULL); msre_var *rvar = apr_pmemdup(mptmp, var, sizeof(msre_var));