~ubuntu-branches/ubuntu/raring/modsecurity-apache/raring


Viewing changes to apache2/msc_multipart.c

  • Committer: Package Import Robot
  • Author(s): Alberto Gonzalez Iniesta
  • Date: 2012-10-22 16:23:19 UTC
  • Revision ID: package-import@ubuntu.com-20121022162319-3x8pepupixl5fzy3
Tags: 2.6.6-5
Applied upstream patch to fix multipart/invalid part
ruleset bypass. CVE-2012-4528. (Closes: #691146)

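--- a/apache2/msc_multipart.c
+++ b/apache2/msc_multipart.c
@@ -653,6 +653,7 @@
             }
         }
         else {
+            msr->mpd->flag_invalid_part = 1;
             msr_log(msr, 3, "Multipart: Skipping invalid part %pp (part name missing): "
                 "(offset %u, length %u)", msr->mpd->mpp,
                 msr->mpd->mpp->offset, msr->mpd->mpp->length);
@@ -944,7 +945,7 @@
 
         if (msr->mpd->flag_header_folding) {
             msr_log(msr, 4, "Multipart: Warning: header folding used.");
-        }        
+        }
 
         if (msr->mpd->flag_crlf_line && msr->mpd->flag_lf_line) {
             msr_log(msr, 4, "Multipart: Warning: mixed line endings used (CRLF/LF).");
@@ -961,9 +962,13 @@
             msr_log(msr, 4, "Multipart: Warning: invalid quoting used.");
         }
 
+        if (msr->mpd->flag_invalid_part) {
+            msr_log(msr, 4, "Multipart: Warning: invalid part parsing.");
+        }
+
         if (msr->mpd->flag_invalid_header_folding) {
             msr_log(msr, 4, "Multipart: Warning: invalid header folding used.");
-        }        
+        }
     }
 
     if ((msr->mpd->seen_data != 0) && (msr->mpd->is_complete == 0)) {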
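Review bot: The new `msr->mpd->flag_invalid_part = 1;` at new line 656 is the only record that a part was dropped without being inspected, and nothing in the code says so; I would add `/* Part is skipped and never inspected: flag it so rules can reject the request (CVE-2012-4528). */` above it. The assignment appears only in the part-name-missing branch, and the enclosing functions start and end outside these hunks, so any other path that discards a part should be checked for the same flag. The warning added at new lines 965-967 is written at level 4, so it will presumably be absent from logs at the default verbosity and should not be the detection signal. Blocking depends on the flag being exposed to rules (in ModSecurity that is the `MULTIPART_INVALID_PART` variable, wired up in files not shown on this page) and on the deployed rule set actually testing it.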