integrated filename* from OWASP

Author: JonathanBerrew

apache2/apache2.h

@@ -27,8 +27,10 @@
 #if (!defined(NO_MODSEC_API))
 /* Optional functions. */
 
+typedef int (*fn_op_param_init_t)(msre_rule* rule, char** error_msg);
+typedef int (*fn_op_execute_t)(modsec_rec* msr, msre_rule* rule, msre_var* var, char** error_msg);
 APR_DECLARE_OPTIONAL_FN(void, modsec_register_tfn, (const char *name, void *fn));
-APR_DECLARE_OPTIONAL_FN(void, modsec_register_operator, (const char *name, void *fn_init, void *fn_exec));
+APR_DECLARE_OPTIONAL_FN(void, modsec_register_operator, (const char *name, fn_op_param_init_t fn_init, fn_op_execute_t fn_exec));
 APR_DECLARE_OPTIONAL_FN(void, modsec_register_variable,
     (const char *name, unsigned int type,
      unsigned int argc_min, unsigned int argc_max,

apache2/mod_security2.c

@@ -1406,9 +1406,9 @@ static void modsec_register_tfn(const char *name, void *fn) {
  * This function is exported for other Apache modules to
  * register new operators.
  */
-static void modsec_register_operator(const char *name, void *fn_init, void *fn_exec) {
+static void modsec_register_operator(const char* name, fn_op_param_init_t fn_init, fn_op_execute_t fn_exec) {
     if (modsecurity != NULL) {
-        msre_engine_op_register(modsecurity->msre, name, (fn_op_param_init_t)fn_init, (fn_op_execute_t)fn_exec);
+        msre_engine_op_register(modsecurity->msre, name, fn_init, fn_exec);
     }
 }
 

apache2/msc_multipart.c

@@ -20,6 +20,9 @@
 #include "msc_util.h"
 #include "msc_parsers.h"
 
+static const char* mime_charset_special = "!#$&+-^_`~%{}";
+static const char* attr_char_special =    "!#$&+-^_`~.";
+
 void validate_quotes(modsec_rec *msr, char *data, char quote)  {
     assert(msr != NULL);
     int i, len;
@@ -85,7 +88,8 @@ static int multipart_parse_content_disposition(modsec_rec *msr, char *c_d_value)
     assert(msr != NULL);
     assert(c_d_value != NULL);
     char *p = NULL, *t = NULL;
-
+    char* filenameStar = NULL;
+    
     /* accept only what we understand */
     if (strncmp(c_d_value, "form-data", 9) != 0) {
         return -1;
@@ -223,6 +227,64 @@ static int multipart_parse_content_disposition(modsec_rec *msr, char *c_d_value)
                 msr_log(msr, 9, "Multipart: Content-Disposition filename: %s",
                     log_escape_nq(msr->mp, value));
             }
+            else if (strcmp(name, "filename*") == 0) {
+                /* old restrictive code
+                if (strncasecmp(value, "UTF-8''", 7) && strncasecmp(value, "ISO-8859-1''", 12)) {
+                    msr_log(msr, 4, "Multipart: filename* must contain encoding: %s", log_escape_nq(msr->mp, value));
+                    msr->mpd->flag_error = 1;
+                    return -16;
+                }
+                //msr_log(msr, 4, "Multipart: Warning: Content-Disposition filename* is obsolete (ignore it)");
+                */
+
+                /* filename*=charset'[optional-language]'filename */
+                /* Read beyond the charset and the optional language*/
+                const char* start_of_charset = p;
+                /*
+                if (strncasecmp(value, "UTF-8''", 7) == 0) p += 7;
+                else if (strncasecmp(value, "ISO-8859-1''", 12) == 0) p += 12;
+                */
+                while ((*p != '\0') && (isalnum(*p) || strchr(mime_charset_special, *p) )) {
+                    p++;
+                }
+                if ((*p != '\'') || (p == start_of_charset)) {
+                    return -16; // Must be at least one legit char before ' for start of language
+                }
+                p++;
+                while (isalnum(*p) || *p == '-') p++;
+                if (*p != '\'') {
+                    return -17; // Single quote for end-of-language not found
+                }
+                p++;
+
+                /* Now read what should be the actual filename */
+                const char* start_of_filename = p;
+                while ((*p != '\0') && (*p != ';')) {
+                    if (*p == '%') {
+                        if ((!isxdigit(*(p + 1))) || (!isxdigit(*(p + 2)))) {
+                            return -18;
+                        }
+                        p += 3;
+                    }
+                    else if ((*p != '\0') && (isalnum(*p) || strchr(mime_charset_special, *p))) {
+                        p++;
+                    }
+                    else {
+                        return -19;
+                    }
+                }
+                value = apr_pmemdup(msr->mp, start_of_filename, p - start_of_filename);
+                if (filenameStar != NULL) {
+                    msr_log(msr, 4,
+                        "Multipart: Warning: Duplicate Content-Disposition filename*: %s.", log_escape_nq(msr->mp, value));
+                    return -20;
+                }
+                filenameStar = apr_pstrdup(msr->mp, value);
+                if (msr->txcfg->debuglog_level >= 9) {
+                    msr_log(msr, 9, "Multipart: Content-Disposition filename*: %s.",
+                        log_escape_nq(msr->mp, value));
+                }
+            }
         }
         else return -11;