Allow multipart C-T header to be up to 1024 bytes long. Some code cleanup (really ;).

apache2/msc_multipart.c

@@ -188,9 +188,9 @@ static int multipart_process_part_header(modsec_rec *msr, char **error_msg) {
 
     if (len > 1) {
         if (msr->mpd->buf[len - 2] == '\r') {
-            msr->mpd->flag_lf_line = 1;
-        } else {
             msr->mpd->flag_crlf_line = 1;
+        } else {
+            msr->mpd->flag_lf_line = 1;
         }
     } else {
         msr->mpd->flag_lf_line = 1;
@@ -202,16 +202,8 @@ static int multipart_process_part_header(modsec_rec *msr, char **error_msg) {
           &&(msr->mpd->buf[2] == '\0') )
         || ((msr->mpd->buf[0] == '\n')
           &&(msr->mpd->buf[1] == '\0') ) )
-    {
+    { /* Empty line. */
-        char *header_value;
+        char *header_value = NULL;
-        
-        /* Empty line. */
-
-        //if (msr->mpd->buf[0] == '\n') {
-        //    msr->mpd->flag_lf_line = 1;
-        //} else {
-        //    msr->mpd->flag_crlf_line = 1;
-        //}
 
         header_value = (char *)apr_table_get(msr->mpd->mpp->headers, "Content-Disposition");
         if (header_value == NULL) {
@@ -251,8 +243,6 @@ static int multipart_process_part_header(modsec_rec *msr, char **error_msg) {
     } else {
         /* Header line. */
 
-        // XXX
-
         if ((msr->mpd->buf[0] == '\t')||(msr->mpd->buf[0] == ' ')) {
             char *header_value, *new_value, *data;
             
@@ -641,6 +631,12 @@ int multipart_init(modsec_rec *msr, char **error_msg) {
         return -1;
     }
 
+    if (strlen(msr->request_content_type) > 1024) {
+        msr->mpd->flag_error = 1;
+        *error_msg = apr_psprintf(msr->mp, "Multipart: Invalid boundary in C-T (length).");
+        return -1;
+    }
+
     /* Count how many times the word "boundary" appears in the C-T header. */
     if (multipart_count_boundary_params(msr->mp, msr->request_content_type) > 1) {
         msr->mpd->flag_error = 1;