Fixed parsing quoted strings in multipart Content-Disposition headers (part2).

2026-01-13 15:07:10 +03:00 · 2009-11-05 19:49:30 +00:00
parent d33f656b93
commit efc9d4e68f
3 changed files with 1935 additions and 2747 deletions
--- a/apache2/configure
+++ b/apache2/configure
--- a/apache2/mod_security2_config.h.in
+++ b/apache2/mod_security2_config.h.in
@@ -85,6 +85,9 @@
 /* Define to the one symbol short name of this package. */
 #undef PACKAGE_TARNAME

+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
 /* Define to the version of this package. */
 #undef PACKAGE_VERSION

@@ -118,13 +121,14 @@
   nothing if this is not supported.  Do not define if restrict is
   supported directly.  */
 #undef restrict
-/* Work around a bug in Sun C++: it does not support _Restrict, even
-   though the corresponding Sun C compiler does, which causes
-   "#define restrict _Restrict" in the previous line.  Perhaps some future
-   version of Sun C++ will work with _Restrict; if so, it'll probably
-   define __RESTRICT, just as Sun C does.  */
+/* Work around a bug in Sun C++: it does not support _Restrict or
+   __restrict__, even though the corresponding Sun C compiler ends up with
+   "#define restrict _Restrict" or "#define restrict __restrict__" in the
+   previous line.  Perhaps some future version of Sun C++ will work with
+   restrict; if so, hopefully it defines __RESTRICT like Sun C does.  */
 #if defined __SUNPRO_CC && !defined __RESTRICT
 # define _Restrict
+# define __restrict__
 #endif

 /* Define to `unsigned int' if <sys/types.h> does not define. */
--- a/apache2/t/regression/misc/00-multipart-parser.t
+++ b/apache2/t/regression/misc/00-multipart-parser.t
@@ -413,9 +413,7 @@
        SecDebugLog $ENV{DEBUG_LOG}
        SecDebugLogLevel 9
        SecRequestBodyAccess On
-		#SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,status:403"
        SecRule MULTIPART_DATA_AFTER "\@eq 1" "phase:2,deny,status:403"
-		SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403"
    ),
    match_log => {
        debug => [ qr/name: a.*variable: 1.*Ignoring data after last boundary/s, 1 ],
@@ -456,7 +454,7 @@
        SecRequestBodyAccess On
        #SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,status:403"
        SecRule MULTIPART_INVALID_QUOTING "\@eq 1" "chain,phase:2,deny,status:403"
-		SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403"
+        SecRule REQBODY_PROCESSOR_ERROR "\@eq 1"
    ),
    match_log => {
        debug => [ qr/name: a.*variable: 1.*Duplicate Content-Disposition name/s, 1 ],