From bf4b7e3b43b7bdf38e1c524d3c642ae7034bf96d Mon Sep 17 00:00:00 2001
From: b1v1r <b1v1r@9017d574-64ec-4062-9424-5e00b32a252b>
Date: Sat, 16 May 2009 04:47:30 +0000
Subject: [PATCH] Added regression test for zero length part name.

---
 .../t/regression/misc/00-multipart-parser.t   | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/apache2/t/regression/misc/00-multipart-parser.t b/apache2/t/regression/misc/00-multipart-parser.t
index 4efc0551..e9d551cd 100644
--- a/apache2/t/regression/misc/00-multipart-parser.t
+++ b/apache2/t/regression/misc/00-multipart-parser.t
@@ -362,3 +362,45 @@
 		),
 	),
 },
+# Zero length part  name should not crash
+{
+	type => "misc",
+	comment => "multipart parser (zero length part name)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 9
+		SecRequestBodyAccess On
+		SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
+		SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
+		SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
+	),
+	match_log => {
+		debug => [ qr/Adding request argument \(BODY\): name "a", value "1".*Invalid part header \(header name missing\)/s, 1 ],
+		-debug => [ qr/Adding request argument \(BODY\): name "b"/s, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		[
+			"Content-Type" => "multipart/form-data; boundary=---------------------------69343412719991675451336310646",
+		],
+		normalize_raw_request_data(
+			q(
+				-----------------------------69343412719991675451336310646
+				Content-Disposition: form-data; name="a"
+
+				1
+				-----------------------------69343412719991675451336310646
+				:
+				-----------------------------69343412719991675451336310646
+				Content-Disposition: form-data; name="b"
+
+				2
+				-----------------------------69343412719991675451336310646--
+			),
+		),
+	),
+},