Merge pull request #2870 from airween/v3/multipartpartheaderfix

martinhsv · web-flow · commit 7cf0445ad461 · 2023-04-24T06:59:16.000-07:00
Set correct line end in case of `MULTIPART_PART_HEADER` variable
diff --git a/src/request_body_processor/multipart.cc b/src/request_body_processor/multipart.cc
@@ -935,7 +935,7 @@ int Multipart::process_part_header(std::string *error, int offset) {
                 "Multipart: Added part header \"" + header_name \
                 + "\" \"" + header_value + "\".");
             if (len_without_termination > 0) {
-                m_mpp->m_last_header_line.assign(m_buf);
+                m_mpp->m_last_header_line.assign(m_buf, len_without_termination);
             } else {
                 m_mpp->m_last_header_line.assign("");
             }
diff --git a/test/test-cases/regression/variable-MULTIPART_PART_HEADERS.json b/test/test-cases/regression/variable-MULTIPART_PART_HEADERS.json
@@ -162,6 +162,57 @@
         "SecRuleEngine On",
         "SecRule MULTIPART_PART_HEADERS:parm2 \"@rx content-type:.*jpeg\" \"phase:2,deny,status:403,id:500074,t:lowercase\""
     ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: MULTIPART_PART_HEADERS (check EOL)",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length":"249",
+        "Content-Type":"multipart/form-data; boundary=-----------------------------69343412719991675451336310646",
+        "Expect":"100-continue"
+      },
+      "uri":"/",
+      "method":"POST",
+      "body":[
+                "-------------------------------69343412719991675451336310646",
+                "Content-Disposition: form-data; name=\"file\"; filename=\"New Text Document.txt\"",
+                "Content-Type: text/plain; charset=utf-8\r\n",
+                "",
+                "1",
+                "-------------------------------69343412719991675451336310646--"
+      ]
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "http_code": 200
+    },
+    "rules":[
+        "SecRuleEngine On",
+        "SecRule MULTIPART_PART_HEADERS \"@rx ^content-type\\s*+:\\s*+(.*)$\" \"id:922110,phase:2,deny,capture,t:none,t:lowercase,chain\"",
+        "SecRule TX:1 \"!@rx ^text/plain; charset=(?:iso-8859-15?|windows-1252|utf-8)$\" \"t:lowercase\""
+    ]
   }
 ]
 

Original file line number	Diff line number	Diff line change
`@@ -935,7 +935,7 @@ int Multipart::process_part_header(std::string *error, int offset) {`
`935`	`935`	`"Multipart: Added part header \"" + header_name \`
`936`	`936`	`+ "\" \"" + header_value + "\".");`
`937`	`937`	`if (len_without_termination > 0) {`
`938`		`- m_mpp->m_last_header_line.assign(m_buf);`
	`938`	`+ m_mpp->m_last_header_line.assign(m_buf, len_without_termination);`
`939`	`939`	`} else {`
`940`	`940`	`m_mpp->m_last_header_line.assign("");`
`941`	`941`	`}`