1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
|
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
* distribution) which contains the complete text of the licence.
*
* There are special exceptions to the terms and conditions of the GPL
* as it is applied to this software. View the full text of the exception in
* file MODSECURITY_LICENSING_EXCEPTION in the directory of this software
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
*
*/
#ifndef _MSC_MULTIPART_H_
#define _MSC_MULTIPART_H_
#define MULTIPART_BUF_SIZE 4096
#define MULTIPART_FORMDATA 1
#define MULTIPART_FILE 2
typedef struct multipart_part multipart_part;
typedef struct multipart_data multipart_data;
#include "apr_general.h"
#include "apr_tables.h"
#include "modsecurity.h"
typedef struct value_part_t value_part_t;
struct value_part_t {
char *data;
long int length;
};
struct multipart_part {
/* part type, can be MULTIPART_FORMDATA or MULTIPART_FILE */
int type;
/* the name */
char *name;
/* variables only, variable value */
char *value;
apr_array_header_t *value_parts;
/* files only, the content type (where available) */
char *content_type;
/* files only, the name of the temporary file holding data */
char *tmp_file_name;
int tmp_file_fd;
unsigned int tmp_file_size;
/* files only, filename as supplied by the browser */
char *filename;
char *last_header_name;
apr_table_t *headers;
unsigned int offset;
unsigned int length;
};
struct multipart_data {
/* this array keeps parts */
apr_array_header_t *parts;
/* Number of parts that are files */
int nfiles;
/* mime boundary used to detect when
* parts end and begin
*/
char *boundary;
int boundary_count;
/* internal buffer and other variables
* used while parsing
*/
char buf[MULTIPART_BUF_SIZE + 2];
int buf_contains_line;
char *bufptr;
int bufleft;
unsigned int buf_offset;
/* pointer that keeps track of a part while
* it is being built
*/
multipart_part *mpp;
/* part parsing state; 0 means we are reading
* headers, 1 means we are collecting data
*/
int mpp_state;
/* because of the way this parsing algorithm
* works we hold back the last two bytes of
* each data chunk so that we can discard it
* later if the next data chunk proves to be
* a boundary; the first byte is an indicator
* 0 - no content, 1 - two data bytes available
*/
char reserve[4];
int seen_data;
int is_complete;
int flag_error;
int flag_data_before;
int flag_data_after;
int flag_header_folding;
int flag_boundary_quoted;
int flag_lf_line;
int flag_crlf_line;
int flag_unmatched_boundary;
int flag_boundary_whitespace;
int flag_missing_semicolon;
int flag_invalid_quoting;
int flag_invalid_header_folding;
int flag_file_limit_exceeded;
};
/* Functions */
int DSOLOCAL multipart_init(modsec_rec *msr, char **error_msg);
int DSOLOCAL multipart_complete(modsec_rec *msr, char **error_msg);
int DSOLOCAL multipart_process_chunk(modsec_rec *msr, const char *buf,
unsigned int size, char **error_msg);
apr_status_t DSOLOCAL multipart_cleanup(modsec_rec *msr);
int DSOLOCAL multipart_get_arguments(modsec_rec *msr, char *origin, apr_table_t *arguments);
char DSOLOCAL *multipart_reconstruct_urlencoded_body_sanitise(modsec_rec *msr);
#endif
|
