From d0ac05c3ea2bd0ff995e5af4607706985357d029 Mon Sep 17 00:00:00 2001
From: ivanr
Date: Fri, 10 Aug 2007 14:37:04 +0000
Subject: [PATCH] Add check for evasion using double quote inside multipart boundary.
---
 apache2/msc_multipart.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/apache2/msc_multipart.c b/apache2/msc_multipart.c
index 525e8574..9f138ba4 100644
--- a/apache2/msc_multipart.c
+++ b/apache2/msc_multipart.c
@@ -567,6 +567,11 @@ int multipart_init(modsec_rec *msr, char **error_msg) {
 /* Quoted. */
 msr->mpd->boundary = apr_pstrndup(msr->mp, b + 1, len - 2);
 msr->mpd->flag_boundary_quoted = 1;
+
+ if (strstr(msr->mpd->boundary, "\"") != NULL) {
+ *error_msg = apr_psprintf(msr->mp, "Invalid boundary (quote).");
+ return -1;
+ }
 } else {
 /* Not quoted. */
 msr->mpd->boundary = apr_pstrdup(msr->mp, b);
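Review bot: The quote check is added only to the quoted branch, so the `/* Not quoted. */` branch at the end of the hunk still copies `b` into `msr->mpd->boundary` without rejecting a double quote, which leaves a partially quoted boundary value accepted as far as the visible lines show. Since the point of the change is to stop this module and the backend from disagreeing on the boundary, the same rejection seems needed there: `if (strchr(b, '"') != NULL)` with the same `*error_msg` assignment and `return -1;`, placed before the `apr_pstrdup` call. In the added code itself, `strchr(msr->mpd->boundary, '"')` is the more direct call for a single-character search than `strstr` with a one-character string. The else branch and the rest of multipart_init continue outside the hunk, so a later check may already cover the unquoted case; that is worth confirming.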