github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Another check for evasion through partial quoting of multipart boundary.

Browse Source
This commit is contained in:
ivanr 2007-08-10 14:40:22 +00:00
parent d0ac05c3ea
commit b1949b7ebc
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
apache2/msc_multipart.c
View File

@ -574,6 +574,11 @@ int multipart_init(modsec_rec *msr, char **error_msg) {
} }
} else { } else {
/* Not quoted. */ /* Not quoted. */
if (*b == '"') {
*error_msg = apr_psprintf(msr->mp, "Invalid boundary (quote).");
return -1;
}
msr->mpd->boundary = apr_pstrdup(msr->mp, b); msr->mpd->boundary = apr_pstrdup(msr->mp, b);
msr->mpd->flag_boundary_quoted = 0; msr->mpd->flag_boundary_quoted = 0;
} }