From f27c85cf472465377e9658723ddfadb44a25118d Mon Sep 17 00:00:00 2001
From: Ervin Hegedus <airween@gmail.com>
Date: Tue, 13 Aug 2024 11:07:18 +0200
Subject: [PATCH] Check if the MP header contains invalid character

---
 apache2/msc_multipart.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/apache2/msc_multipart.c b/apache2/msc_multipart.c
index 7d56dd64..92f466e3 100644
--- a/apache2/msc_multipart.c
+++ b/apache2/msc_multipart.c
@@ -402,7 +402,7 @@ static int multipart_process_part_header(modsec_rec *msr, char **error_msg) {
             if (msr->mpd->mpp->last_header_line != NULL) {
                 *(char **)apr_array_push(msr->mpd->mpp->header_lines) = msr->mpd->mpp->last_header_line;
                 msr_log(msr, 9, "Multipart: Added part header line \"%s\"", msr->mpd->mpp->last_header_line);
-	    }
+            }
 
             data = msr->mpd->buf;
 
@@ -424,6 +424,16 @@ static int multipart_process_part_header(modsec_rec *msr, char **error_msg) {
                  return -1;
             }
 
+            /* check if multipart header contains any invalid characters */
+            char *ch = header_name;
+            while(*ch != '\0') {
+                if (*ch < 33 || *ch > 126) {
+                    *error_msg = apr_psprintf(msr->mp, "Multipart: Invalid part header (contains invalid character).");
+                    return -1;
+                }
+                ch++;
+            }
+
             /* extract the value value */
             data++;
             while((*data == '\t') || (*data == ' ')) data++;