From b1949b7ebc524575787eeb071fdde0c6df5758df Mon Sep 17 00:00:00 2001
From: ivanr <ivanr@9017d574-64ec-4062-9424-5e00b32a252b>
Date: Fri, 10 Aug 2007 14:40:22 +0000
Subject: [PATCH] Another check for evasion through partial quoting of
 multipart boundary.

---
 apache2/msc_multipart.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/apache2/msc_multipart.c b/apache2/msc_multipart.c
index 9f138ba4..3f886210 100644
--- a/apache2/msc_multipart.c
+++ b/apache2/msc_multipart.c
@@ -574,6 +574,11 @@ int multipart_init(modsec_rec *msr, char **error_msg) {
             }
         } else {
             /* Not quoted. */
+            if (*b == '"') {
+                *error_msg = apr_psprintf(msr->mp, "Invalid boundary (quote).");
+                return -1;
+            }
+
             msr->mpd->boundary = apr_pstrdup(msr->mp, b);
             msr->mpd->flag_boundary_quoted = 0;
         }