github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Allow multipart C-T header to be up to 1024 bytes long. Some code cleanup (really ;).

Browse Source
This commit is contained in:
ivanr 2007-08-20 16:09:48 +00:00
parent 608f7f2b44
commit 9301461b33
1 changed files with 10 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
apache2/msc_multipart.c
View File

@ -188,9 +188,9 @@ static int multipart_process_part_header(modsec_rec *msr, char **error_msg) {
if (len > 1) {
if (msr->mpd->buf[len - 2] == '\r') {
msr->mpd->flag_lf_line = 1;
} else {
msr->mpd->flag_crlf_line = 1;
} else {
msr->mpd->flag_lf_line = 1;
}
} else {
msr->mpd->flag_lf_line = 1;
@ -202,16 +202,8 @@ static int multipart_process_part_header(modsec_rec *msr, char **error_msg) {
&&(msr->mpd->buf[2] == '\0') )
|| ((msr->mpd->buf[0] == '\n')
&&(msr->mpd->buf[1] == '\0') ) )
{
char *header_value;
/* Empty line. */
//if (msr->mpd->buf[0] == '\n') {
// msr->mpd->flag_lf_line = 1;
//} else {
// msr->mpd->flag_crlf_line = 1;
//}
{ /* Empty line. */
char *header_value = NULL;
header_value = (char *)apr_table_get(msr->mpd->mpp->headers, "Content-Disposition");
if (header_value == NULL) {
@ -251,8 +243,6 @@ static int multipart_process_part_header(modsec_rec *msr, char **error_msg) {
} else {
/* Header line. */
// XXX
if ((msr->mpd->buf[0] == '\t')||(msr->mpd->buf[0] == ' ')) {
char *header_value, *new_value, *data;
@ -641,6 +631,12 @@ int multipart_init(modsec_rec *msr, char **error_msg) {
return -1;
}
if (strlen(msr->request_content_type) > 1024) {
msr->mpd->flag_error = 1;
*error_msg = apr_psprintf(msr->mp, "Multipart: Invalid boundary in C-T (length).");
return -1;
}
/* Count how many times the word "boundary" appears in the C-T header. */
if (multipart_count_boundary_params(msr->mp, msr->request_content_type) > 1) {
msr->mpd->flag_error = 1;