github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Multipart names may include single quote if double-quote enclosed

Browse Source
This commit is contained in:
Martin Vierula
2021-12-23 08:02:43 -08:00
parent c072ac29eb
commit f34b49f666
4 changed files with 134 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/request_body_processor/multipart.cc
View File

@@ -227,12 +227,18 @@ int Multipart::boundary_characters_valid(const char *boundary) {
}
void Multipart::validate_quotes(const char *data) {
void Multipart::validate_quotes(const char *data, char quote) {
int i, len;
if (data == NULL)
return;
// if the value was enclosed in double quotes, then we don't care about
// a single quote character within the name.
if (quote == '"') {
return;
}
len = strlen(data);
for (i = 0; i < len; i++) {
@@ -318,6 +324,7 @@ int Multipart::parse_content_disposition(const char *c_d_value, int offset) {
return -6;
}
char quote = '\0';
if (name == "filename*") {
/* filename*=charset'[optional-language]'filename */
/* Read beyond the charset and the optional language*/
@@ -357,7 +364,7 @@ int Multipart::parse_content_disposition(const char *c_d_value, int offset) {
* technically "'" is invalid and so flag_invalid_quoting is
* set so the user can deal with it in the rules if they so wish.
*/
char quote = *p;
quote = *p; // remember which quote character was used for the value
if (quote == '\'') {
m_flag_invalid_quoting = 1;
@@ -408,7 +415,7 @@ int Multipart::parse_content_disposition(const char *c_d_value, int offset) {
/* evaluate part */
if (name == "name") {
validate_quotes(value.c_str());
validate_quotes(value.c_str(), quote);
m_transaction->m_variableMultipartName.set(value, value,
offset + ((p - c_d_value) - value.size()));
@@ -424,7 +431,7 @@ int Multipart::parse_content_disposition(const char *c_d_value, int offset) {
ms_dbg_a(m_transaction, 9,
"Multipart: Content-Disposition name: " + value + ".");
} else if (name == "filename") {
validate_quotes(value.c_str());
validate_quotes(value.c_str(), quote);
m_transaction->m_variableMultipartFileName.set(value, value, \
offset + ((p - c_d_value) - value.size()));

2
src/request_body_processor/multipart.h
View File

@@ -162,7 +162,7 @@ class Multipart {
int process_part_header(std::string *error, int offset);
int process_part_data(std::string *error, size_t offset);
void validate_quotes(const char *data);
void validate_quotes(const char *data, char quote);
size_t m_reqbody_no_files_length;
std::list<MultipartPart *> m_parts;