multipart boundary valid characters too strict. #653
Description
According to rfc2046 the characters allowed in the boundary are following:
boundary := 0*69<bchars> bcharsnospace
bchars := bcharsnospace / " "
bcharsnospace := DIGIT / ALPHA / "'" / "(" / ")" /
"+" / "_" / "," / "-" / "." /
"/" / ":" / "=" / "?"
modsecurity msc_multipart.c checks for the following:
switch(c) {
/* Special characters not allowed. */
case '(' :
case ')' :
case '<' :
case '>' :
case '@' :
case ',' :
case ';' :
case ':' :
case '\\' :
case '"' :
case '/' :
case '[' :
case ']' :
case '?' :
case '=' :
return 0;
break;
}
-
so it should be the following:
switch(c) { /* Special characters not allowed. */ //case '(' : // too strict //case ')' : // too strict case '<' : case '>' : case '@' : //case ',' : // too strict case ';' : //case ':' : // too strict case '\\': case '"' : //case '/' : // too strict case '[' : case ']' : //case '?' : // too strict //case '=' : // too strict return 0; break; }