
Commit f9248f9

committed
Check if filename arg is quoted and it has the trailing quote
1 parent b9fb213 commit f9248f9

2 files changed

Lines changed: 54 additions & 0 deletions


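--- a/src/request_body_processor/multipart.cc
+++ b/src/request_body_processor/multipart.cc
@@ -417,6 +417,9 @@ int Multipart::parse_content_disposition(const char *c_d_value, int offset) {
 
 if (*p == quote) {
 p++; /* go over the quote at the end */
+} else {
+m_flag_invalid_quoting = 1;
+return -15; /* closing quote not found */
 }
 
 } else {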
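Review bot: The new `else` branch returns a bare `-15` whose only explanation is the trailing comment on that line; since the test added in this commit shows it reaching operators only as `Invalid Content-Disposition header (-15)` in the debug log, the function's header comment should document it next to any other return codes, e.g. `-15: quoted parameter value has no closing quote`. As far as the hunk shows, the check sits in the generic quoted-value path, so it presumably rejects an unterminated `name=` value as well as `filename=`, which the commit title does not say and the same comment should state. Rejecting here matters because an unterminated quote is a parser differential: the WAF and the backend could otherwise disagree on where the filename ends. `parse_content_disposition` begins and ends outside the hunk, so the other return codes and the caller's handling of `m_flag_invalid_quoting` cannot be checked from here.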

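--- a/test/test-cases/regression/request-body-parser-multipart.json
+++ b/test/test-cases/regression/request-body-parser-multipart.json
@@ -3417,5 +3417,56 @@
 "SecruleEngine On",
 "SecRule REQBODY_PROCESSOR_ERROR \"@eq 1\" \"phase:2,deny,status:403,id:500077\""
 ]
+},
+{
+"enabled": 1,
+"version_min": 300000,
+"title": "multipart parser (invalid part header - missing trailing quote)",
+"client": {
+"ip": "200.249.12.31",
+"port": 123
+},
+"server": {
+"ip": "200.249.12.31",
+"port": 80
+},
+"request": {
+"headers": {
+"Host": "localhost",
+"User-Agent": "curl/7.38.0",
+"Accept": "*/*",
+"Content-Length": "145",
+"Content-Type": "multipart/form-data; boundary=a",
+"Expect": "100-continue"
+},
+"uri": "/",
+"method": "POST",
+"body": [
+"--a\r\n",
+"Content-Disposition: form-data; name=\"file\"; filename=\"1.jsp\r\n",
+"\r\n",
+"Some content\r\n",
+"--a--\r\n"
+]
+},
+"response": {
+"headers": {
+"Date": "Mon, 13 Jul 2015 20:02:41 GMT",
+"Last-Modified": "Sun, 26 Oct 2014 22:33:37 GMT",
+"Content-Type": "text/html",
+"Content-Length": "8"
+},
+"body": [
+"no need."
+]
+},
+"expected": {
+"debug_log": "Multipart: Invalid Content-Disposition header \\(-15\\): form-data; name=\"file\"; filename=\"1.jsp",
+"http_code": 403
+},
+"rules": [
+"SecruleEngine On",
+"SecRule REQBODY_PROCESSOR_ERROR \"@eq 1\" \"phase:2,deny,status:403,id:500077\""
+]
 }
 ]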
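Review bot: The new case asserts only the `-15` debug-log line and the 403 from `REQBODY_PROCESSOR_ERROR`; nothing checks that the `m_flag_invalid_quoting` set in multipart.cc is observable, and only a double-quoted `filename=` value is exercised. A second case with an unterminated `name="file` value, plus a rule on `MULTIPART_INVALID_QUOTING` if the flag is wired to that variable (not visible in this commit), would pin both behaviours. The request's `Content-Length` of `145` also does not match the 90 bytes of the listed body, which is harmless only if the test harness ignores that header.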
