From 9301461b339c61bd44cac3889d01cec6eb4e69c6 Mon Sep 17 00:00:00 2001
From: ivanr
Date: Mon, 20 Aug 2007 16:09:48 +0000
Subject: [PATCH] Allow multipart C-T header to be up to 1024 bytes long. Some code cleanup (really ;).
---
 apache2/msc_multipart.c | 24 ++++++++++--------------
 1 file changed, 10 insertions(+), 14 deletions(-)
diff --git a/apache2/msc_multipart.c b/apache2/msc_multipart.c
index 5e4d79fc..38dd1707 100644
--- a/apache2/msc_multipart.c
+++ b/apache2/msc_multipart.c
@@ -188,9 +188,9 @@ static int multipart_process_part_header(modsec_rec *msr, char **error_msg) {
 if (len > 1) {
 if (msr->mpd->buf[len - 2] == '\r') {
- msr->mpd->flag_lf_line = 1;
- } else {
 msr->mpd->flag_crlf_line = 1;
+ } else {
+ msr->mpd->flag_lf_line = 1;
 }
 } else {
 msr->mpd->flag_lf_line = 1;
@@ -202,16 +202,8 @@ static int multipart_process_part_header(modsec_rec *msr, char **error_msg) {
 &&(msr->mpd->buf[2] == '\0') ) || ((msr->mpd->buf[0] == '\n') &&(msr->mpd->buf[1] == '\0') ) )
- {
- char *header_value;
-
- /* Empty line. */
-
- //if (msr->mpd->buf[0] == '\n') {
- // msr->mpd->flag_lf_line = 1;
- //} else {
- // msr->mpd->flag_crlf_line = 1;
- //}
+ { /* Empty line. */
+ char *header_value = NULL;
 header_value = (char *)apr_table_get(msr->mpd->mpp->headers, "Content-Disposition");
 if (header_value == NULL) {
@@ -251,8 +243,6 @@ static int multipart_process_part_header(modsec_rec *msr, char **error_msg) {
 } else {
 /* Header line. */
- // XXX
-
 if ((msr->mpd->buf[0] == '\t')||(msr->mpd->buf[0] == ' ')) {
 char *header_value, *new_value, *data;
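Review bot: In the first hunk (`@@ -188,9 +188,9 @@`), the test `msr->mpd->buf[len - 2] == '\r'` classifies the line as CRLF from the second-to-last byte alone and takes for granted that `buf[len - 1]` is `'\n'`; nothing visible in the hunk establishes that. If a header line can reach this point without a trailing newline, for example one cut at the buffer size, a `'\r'` in the data would be recorded as a CRLF terminator and skew the `flag_crlf_line`/`flag_lf_line` bookkeeping. Consider `if (msr->mpd->buf[len - 2] == '\r' && msr->mpd->buf[len - 1] == '\n')`, plus a one-line comment saying what the two flags record, since their assignments were inverted before this commit. The function begins and continues outside the hunk, so `len` may already be constrained there.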
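Review bot: In the second hunk (`@@ -202,16 +202,8 @@`), `header_value` is initialised to NULL and overwritten by the very next statement, and the `(char *)` cast discards the `const` on the pointer that `apr_table_get()` returns. If the rest of the block only reads the value, `const char *header_value = apr_table_get(msr->mpd->mpp->headers, "Content-Disposition");` says the same thing in one line and lets the compiler reject an accidental write into table-owned storage. The block continues past the end of the hunk, so a later callee may still require a non-const pointer.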
@@ -641,6 +631,12 @@ int multipart_init(modsec_rec *msr, char **error_msg) {
 return -1;
 }
+ if (strlen(msr->request_content_type) > 1024) {
+ msr->mpd->flag_error = 1;
+ *error_msg = apr_psprintf(msr->mp, "Multipart: Invalid boundary in C-T (length).");
+ return -1;
+ }
+
 /* Count how many times the word "boundary" appears in the C-T header. */
 if (multipart_count_boundary_params(msr->mp, msr->request_content_type) > 1) {
 msr->mpd->flag_error = 1;
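Review bot: The new rejection in `multipart_init` reports `Multipart: Invalid boundary in C-T (length).`, but the condition `strlen(msr->request_content_type) > 1024` measures the whole Content-Type value, not the boundary parameter. Someone reading the log cannot tell an oversized header from a malformed boundary. I would word it as `"Multipart: Content-Type header too long (limit 1024 bytes)."` and give 1024 a named constant so the limit and the message stay in step. The hunk does not show whether `msr->request_content_type` was tested for NULL earlier in the function, which starts above this hunk; if it was not, `strlen` needs that guard first.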