1 /* 2 * ModSecurity for Apache 2.x, http://www.modsecurity.org/ 3 * Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) 4 * 5 * You may not use this file except in compliance with 6 * the License. You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * If any of the files related to licensing are missing or if you have any 11 * other questions related to licensing please contact Trustwave Holdings, Inc. 12 * directly using the email address security@modsecurity.org. 13 */ 14 15 #ifndef _MSC_MULTIPART_H_ 16 #define _MSC_MULTIPART_H_ 17 18 #define MULTIPART_BUF_SIZE 4096 19 20 #define MULTIPART_FORMDATA 1 21 #define MULTIPART_FILE 2 22 23 typedef struct multipart_part multipart_part; 24 typedef struct multipart_data multipart_data; 25 26 #include "apr_general.h" 27 #include "apr_tables.h" 28 #include "modsecurity.h" 29 30 typedef struct value_part_t value_part_t; 31 struct value_part_t { 32 char *data; 33 long int length; 34 }; 35 36 struct multipart_part { 37 /* part type, can be MULTIPART_FORMDATA or MULTIPART_FILE */ 38 int type; 39 /* the name */ 40 char *name; 41 42 /* variables only, variable value */ 43 char *value; 44 apr_array_header_t *value_parts; 45 46 /* files only, the content type (where available) */ 47 char *content_type; 48 49 /* files only, the name of the temporary file holding data */ 50 char *tmp_file_name; 51 int tmp_file_fd; 52 unsigned int tmp_file_size; 53 /* files only, filename as supplied by the browser */ 54 char *filename; 55 56 char *last_header_name; 57 apr_table_t *headers; 58 59 unsigned int offset; 60 unsigned int length; 61 }; 62 63 struct multipart_data { 64 /* this array keeps parts */ 65 apr_array_header_t *parts; 66 67 /* Number of parts that are files */ 68 int nfiles; 69 70 /* mime boundary used to detect when 71 * parts end and begin 72 */ 73 char *boundary; 74 int boundary_count; 75 76 /* internal buffer and other variables 77 * used while parsing 78 */ 79 char buf[MULTIPART_BUF_SIZE + 2]; 80 int buf_contains_line; 81 char *bufptr; 82 int bufleft; 83 84 unsigned int buf_offset; 85 86 /* pointer that keeps track of a part while 87 * it is being built 88 */ 89 multipart_part *mpp; 90 91 92 /* part parsing state; 0 means we are reading 93 * headers, 1 means we are collecting data 94 */ 95 int mpp_state; 96 97 /* because of the way this parsing algorithm 98 * works we hold back the last two bytes of 99 * each data chunk so that we can discard it 100 * later if the next data chunk proves to be 101 * a boundary; the first byte is an indicator 102 * 0 - no content, 1 - two data bytes available 103 */ 104 char reserve[4]; 105 106 int seen_data; 107 int is_complete; 108 109 int flag_error; 110 int flag_data_before; 111 int flag_data_after; 112 int flag_header_folding; 113 int flag_boundary_quoted; 114 int flag_lf_line; 115 int flag_crlf_line; 116 int flag_unmatched_boundary; 117 int flag_boundary_whitespace; 118 int flag_missing_semicolon; 119 int flag_invalid_quoting; 120 int flag_invalid_part; 121 int flag_invalid_header_folding; 122 int flag_file_limit_exceeded; 123 }; 124 125 126 /* Functions */ 127 128 int DSOLOCAL multipart_init(modsec_rec *msr, char **error_msg); 129 130 int DSOLOCAL multipart_complete(modsec_rec *msr, char **error_msg); 131 132 int DSOLOCAL multipart_process_chunk(modsec_rec *msr, const char *buf, 133 unsigned int size, char **error_msg); 134 135 apr_status_t DSOLOCAL multipart_cleanup(modsec_rec *msr); 136 137 int DSOLOCAL multipart_get_arguments(modsec_rec *msr, char *origin, apr_table_t *arguments); 138 139 char DSOLOCAL *multipart_reconstruct_urlencoded_body_sanitize(modsec_rec *msr); 140 141 #endif 142