github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add check for evasion using double quote inside multipart boundary.

Browse Source
This commit is contained in:
ivanr
2007-08-10 14:37:04 +00:00
parent 25fb1b2629
commit d0ac05c3ea
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
apache2/msc_multipart.c
View File

@@ -567,6 +567,11 @@ int multipart_init(modsec_rec *msr, char **error_msg) {
/* Quoted. */ /* Quoted. */
msr->mpd->boundary = apr_pstrndup(msr->mp, b + 1, len - 2); msr->mpd->boundary = apr_pstrndup(msr->mp, b + 1, len - 2);
msr->mpd->flag_boundary_quoted = 1; msr->mpd->flag_boundary_quoted = 1;
if (strstr(msr->mpd->boundary, "\"") != NULL) {
*error_msg = apr_psprintf(msr->mp, "Invalid boundary (quote).");
return -1;
}
} else { } else {
/* Not quoted. */ /* Not quoted. */
msr->mpd->boundary = apr_pstrdup(msr->mp, b); msr->mpd->boundary = apr_pstrdup(msr->mp, b);