apache-mod_security-2.6.1-1.1.src.rpm

diff -Naurp modsecurity-apache_2.6.1/apache2/msc_multipart.c modsecurity-apache_2.6.1.oden/apache2/msc_multipart.c
--- modsecurity-apache_2.6.1/apache2/msc_multipart.c	2012-12-23 17:51:00.000000000 +0000
+++ modsecurity-apache_2.6.1.oden/apache2/msc_multipart.c	2012-12-23 17:51:16.000000000 +0000
@@ -653,6 +653,7 @@ static int multipart_process_boundary(mo
             }
         }
         else {
+            msr->mpd->flag_invalid_part = 1;
             msr_log(msr, 3, "Multipart: Skipping invalid part %pp (part name missing): "
                 "(offset %u, length %u)", msr->mpd->mpp,
                 msr->mpd->mpp->offset, msr->mpd->mpp->length);
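Review bot: Setting `flag_invalid_part` at the top of this `else` branch records the nameless part but does not change what happens to it. Going by the log text the part is still skipped, so presumably its content never reaches the rules that inspect arguments or files. The request is rejected only if the rule set tests `MULTIPART_INVALID_PART` or `MULTIPART_STRICT_ERROR` (the latter is extended in the re_variables.c hunk at new line 1441). That dependency is worth stating where the flag is set, e.g. `/* part is skipped, not inspected; rules must test MULTIPART_INVALID_PART or MULTIPART_STRICT_ERROR to reject the request */`. multipart_process_boundary starts and ends outside the hunk, so any other skip paths are not visible here and may need the same flag.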
@@ -961,6 +962,11 @@ int multipart_complete(modsec_rec *msr,
             msr_log(msr, 4, "Multipart: Warning: invalid quoting used.");
         }
 
+        if (msr->mpd->flag_invalid_part) {
+            msr_log(msr, 4, "Multipart: Warning: invalid part parsing.");
+        }
+
+
         if (msr->mpd->flag_invalid_header_folding) {
             msr_log(msr, 4, "Multipart: Warning: invalid header folding used.");
         }        
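Review bot: The warning text `invalid part parsing` does not say what was wrong, although the only place this patch sets `flag_invalid_part` is the part-name-missing branch of multipart_process_boundary. Something like `msr_log(msr, 4, "Multipart: Warning: invalid part (part name missing).");` would let an analyst reading the debug log tie it to the level-3 skip message. The added block is also followed by two blank lines, where the neighbouring flag checks are separated by one. multipart_complete continues outside the hunk.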
diff -Naurp modsecurity-apache_2.6.1/apache2/msc_multipart.h modsecurity-apache_2.6.1.oden/apache2/msc_multipart.h
--- modsecurity-apache_2.6.1/apache2/msc_multipart.h	2011-07-18 17:35:27.000000000 +0000
+++ modsecurity-apache_2.6.1.oden/apache2/msc_multipart.h	2012-12-23 17:51:16.000000000 +0000
@@ -117,6 +117,7 @@ struct multipart_data {
     int                      flag_boundary_whitespace;
     int                      flag_missing_semicolon;
     int                      flag_invalid_quoting;
+    int                      flag_invalid_part;
     int                      flag_invalid_header_folding;
     int                      flag_file_limit_exceeded;
 };
diff -Naurp modsecurity-apache_2.6.1/apache2/re_variables.c modsecurity-apache_2.6.1.oden/apache2/re_variables.c
--- modsecurity-apache_2.6.1/apache2/re_variables.c	2011-07-18 17:35:27.000000000 +0000
+++ modsecurity-apache_2.6.1.oden/apache2/re_variables.c	2012-12-23 17:51:16.000000000 +0000
@@ -1377,6 +1377,18 @@ static int var_multipart_missing_semicol
     }
 }
 
+/* MULTIPART_INVALID_PART */
+
+static int var_multipart_invalid_part_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
+    apr_table_t *vartab, apr_pool_t *mptmp)
+{
+    if ((msr->mpd != NULL)&&(msr->mpd->flag_invalid_part != 0)) {
+        return var_simple_generate(var, vartab, mptmp, "1");
+    } else {
+        return var_simple_generate(var, vartab, mptmp, "0");
+    }
+}
+
 /* MULTIPART_INVALID_QUOTING */
 
 static int var_multipart_invalid_quoting_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
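Review bot: The header comment on var_multipart_invalid_part_generate gives only the variable name, so a rule writer cannot tell from the source what condition it reports. I would expand it to `/* MULTIPART_INVALID_PART: "1" when a multipart part was skipped because its name was missing, "0" otherwise (also when msr->mpd is NULL) */`. The `rule` parameter is unused, which appears to follow the generator signature shared with the neighbouring functions. The patch as shown touches only the two multipart files and re_variables.c, so the new variable still needs an entry in the reference documentation and any shipped rule that enumerates the multipart flags, if those exist.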
@@ -1429,6 +1441,7 @@ static int var_multipart_strict_error_ge
             ||(msr->mpd->flag_lf_line != 0)
             ||(msr->mpd->flag_missing_semicolon != 0)
             ||(msr->mpd->flag_invalid_quoting != 0)
+            ||(msr->mpd->flag_invalid_part != 0)
             ||(msr->mpd->flag_invalid_header_folding != 0)
             ||(msr->mpd->flag_file_limit_exceeded != 0)
         ) {
@@ -2835,6 +2848,17 @@ void msre_engine_register_default_variab
         VAR_DONT_CACHE, /* flag */
         PHASE_REQUEST_BODY
     );
+
+    /* MULTIPART_INVALID_PART */
+    msre_engine_variable_register(engine,
+        "MULTIPART_INVALID_PART",
+        VAR_SIMPLE,
+        0, 0,
+        NULL,
+        var_multipart_invalid_part_generate,
+        VAR_DONT_CACHE, /* flag */
+        PHASE_REQUEST_BODY
+    );
 
     /* MULTIPART_INVALID_QUOTING */
     msre_engine_variable_register(engine,