#include "bstr.h"
#include "htp.h"
#include "htp_table.h"
Go to the source code of this file.
#define HTP_MULTIPART_BBOUNDARY_LWS_AFTER 0x0004 |
Seen LWS after a boundary instance in the body. Unusual.
#define HTP_MULTIPART_BBOUNDARY_NLWS_AFTER 0x0008 |
Seen non-LWS content after a boundary instance in the body. Highly unusual.
#define HTP_MULTIPART_CD_INVALID |
Value:
#define HTP_MULTIPART_CD_PARAM_UNKNOWN
Definition: htp_multipart.h:142
#define HTP_MULTIPART_CD_TYPE_INVALID
Definition: htp_multipart.h:136
#define HTP_MULTIPART_CD_PARAM_REPEATED
Definition: htp_multipart.h:139
#define HTP_MULTIPART_CD_SYNTAX_INVALID
Definition: htp_multipart.h:145
A collection of flags that all indicate an invalid C-D header.
#define HTP_MULTIPART_CD_PARAM_REPEATED 0x40000 |
Content-Disposition part header with multiple parameters with the same name.
#define HTP_MULTIPART_CD_PARAM_UNKNOWN 0x80000 |
Unknown Content-Disposition parameter.
#define HTP_MULTIPART_CD_SYNTAX_INVALID 0x100000 |
Invalid Content-Disposition syntax.
#define HTP_MULTIPART_CD_TYPE_INVALID 0x20000 |
Part type specified in the C-D header is neither MULTIPART_PART_TEXT nor MULTIPART_PART_FILE.
#define HTP_MULTIPART_CRLF_LINE 0x0002 |
Seen a CRLF line in the payload. This is normal and expected.
#define HTP_MULTIPART_HAS_EPILOGUE 0x0020 |
Payload has an epilogue part. Unusual.
#define HTP_MULTIPART_HAS_PREAMBLE 0x0010 |
Payload has a preamble part. Might not be that unusual.
#define HTP_MULTIPART_HBOUNDARY_INVALID 0x0200 |
The boundary in the Content-Type header is invalid.
#define HTP_MULTIPART_HBOUNDARY_QUOTED 0x0800 |
The boundary in the Content-Type header is quoted. This is very unusual, and may be indicative of an evasion attempt.
#define HTP_MULTIPART_HBOUNDARY_UNUSUAL 0x0400 |
The boundary in the Content-Type header is unusual. This may mean that evasion is attempted, but it could also mean that we have encountered a client that does not do things in the way it should.
#define HTP_MULTIPART_INCOMPLETE 0x0100 |
The payloads ends abruptly, without proper termination. Can occur if the client gives up, or if the connection is interrupted. When this flag is raised, HTP_MULTIPART_PART_INCOMPLETE will also be raised for the part that was only partially processed. (But the opposite may not always be the case – there are other ways in which a part can be left incomplete.)
#define HTP_MULTIPART_INVALID |
Value:
#define HTP_MULTIPART_PART_AFTER_LAST_BOUNDARY
Definition: htp_multipart.h:91
#define HTP_MULTIPART_PART_INVALID
Definition: htp_multipart.h:165
#define HTP_MULTIPART_INCOMPLETE
Definition: htp_multipart.h:99
#define HTP_MULTIPART_HBOUNDARY_INVALID
Definition: htp_multipart.h:102
A collection of flags that all indicate an invalid Multipart payload.
#define HTP_MULTIPART_LF_LINE 0x0001 |
Seen a LF line in the payload. LF lines are not allowed, but some clients do use them and some backends do accept them. Mixing LF and CRLF lines within some payload might be unusual.
#define HTP_MULTIPART_MIME_TYPE "multipart/form-data" |
#define HTP_MULTIPART_NUL_BYTE 0x400000 |
A NUL byte was seen in a part header area.
#define HTP_MULTIPART_PART_AFTER_LAST_BOUNDARY 0x0080 |
There was a part after the last boundary. This is highly irregular and indicative of evasion.
#define HTP_MULTIPART_PART_HEADER_FOLDING 0x1000 |
Header folding was used in part headers. Very unusual.
#define HTP_MULTIPART_PART_HEADER_INVALID 0x10000 |
Invalid part header encountered.
#define HTP_MULTIPART_PART_HEADER_REPEATED 0x4000 |
There was a repeated part header, possibly in an attempt to confuse the parser. Very unusual.
#define HTP_MULTIPART_PART_HEADER_UNKNOWN 0x8000 |
Unknown part header encountered.
#define HTP_MULTIPART_PART_INCOMPLETE 0x200000 |
There is an abruptly terminated part. This can happen when the payload itself is abruptly terminated (in which case HTP_MULTIPART_INCOMPLETE) will be raised. However, it can also happen when a boundary is seen before any part data.
#define HTP_MULTIPART_PART_INVALID |
Value:
#define HTP_MULTIPART_CD_INVALID
Definition: htp_multipart.h:158
#define HTP_MULTIPART_NUL_BYTE
Definition: htp_multipart.h:155
#define HTP_MULTIPART_PART_HEADER_INVALID
Definition: htp_multipart.h:133
#define HTP_MULTIPART_PART_UNKNOWN
Definition: htp_multipart.h:124
#define HTP_MULTIPART_PART_HEADER_UNKNOWN
Definition: htp_multipart.h:130
#define HTP_MULTIPART_PART_INCOMPLETE
Definition: htp_multipart.h:152
#define HTP_MULTIPART_PART_HEADER_REPEATED
Definition: htp_multipart.h:127
A collection of flags that all indicate an invalid part.
#define HTP_MULTIPART_PART_UNKNOWN 0x2000 |
A part of unknown type was encountered, which probably means that the part is lacking a Content-Disposition header, or that the header is invalid. Highly unusual.
#define HTP_MULTIPART_SEEN_LAST_BOUNDARY 0x0040 |
The last boundary was seen in the payload. Absence of the last boundary may not break parsing with some (most?) backends, but it means that the payload is not well formed. Can occur if the client gives up, or if the connection is interrupted. Incomplete payloads should be blocked whenever possible.
#define HTP_MULTIPART_UNUSUAL |
Value:
#define HTP_MULTIPART_HBOUNDARY_QUOTED
Definition: htp_multipart.h:115
#define HTP_MULTIPART_INVALID
Definition: htp_multipart.h:175
#define HTP_MULTIPART_PART_HEADER_FOLDING
Definition: htp_multipart.h:118
#define HTP_MULTIPART_HAS_EPILOGUE
Definition: htp_multipart.h:77
#define HTP_MULTIPART_BBOUNDARY_NLWS_AFTER
Definition: htp_multipart.h:67
A collection of flags that all indicate an unusual Multipart payload.
#define HTP_MULTIPART_UNUSUAL_PARANOID |
Value:
#define HTP_MULTIPART_HAS_PREAMBLE
Definition: htp_multipart.h:72
#define HTP_MULTIPART_UNUSUAL
Definition: htp_multipart.h:182
#define HTP_MULTIPART_BBOUNDARY_LWS_AFTER
Definition: htp_multipart.h:64
#define HTP_MULTIPART_LF_LINE
Definition: htp_multipart.h:58
A collection of flags that all indicate an unusual Multipart payload, with a low sensitivity to irregularities.
Holds multipart parser configuration and state. Private.
Holds information related to a part.
Holds information related to a multipart body.
Enumerator |
---|
MULTIPART_PART_UNKNOWN |
Unknown part.
|
MULTIPART_PART_TEXT |
Text (parameter) part.
|
MULTIPART_PART_FILE |
File part.
|
MULTIPART_PART_PREAMBLE |
Free-text part before the first boundary.
|
MULTIPART_PART_EPILOGUE |
Free-text part after the last boundary.
|
Creates a new multipart/form-data parser. On a successful invocation, the ownership of the boundary parameter is transferred to the parser.
- Parameters
-
[in] | cfg | |
[in] | boundary | |
[in] | flags | |
- Returns
- New parser instance, or NULL on memory allocation failure.
Destroys the provided parser.
- Parameters
-
Finalize parsing.
- Parameters
-
- Returns
- HTP_OK on success, HTP_ERROR on failure.
htp_status_t htp_mpartp_find_boundary |
( |
bstr * |
content_type, |
|
|
bstr ** |
boundary, |
|
|
uint64_t * |
multipart_flags |
|
) |
| |
Looks for boundary in the supplied Content-Type request header. The extracted boundary will be allocated on the heap.
- Parameters
-
[in] | content_type | |
[out] | boundary | |
[out] | multipart_flags | Multipart flags, which are not compatible from general LibHTP flags. |
- Returns
- HTP_OK on success (boundary found), HTP_DECLINED if boundary was not found, and HTP_ERROR on failure. Flags may be set on HTP_OK and HTP_DECLINED. For example, if a boundary could not be extracted but there is indication that one is present, HTP_MULTIPART_HBOUNDARY_INVALID will be set.
Returns the multipart structure created by the parser.
- Parameters
-
- Returns
- The main multipart structure.
Parses a chunk of multipart/form-data data. This function should be called as many times as necessary until all data has been consumed.
- Parameters
-
[in] | parser | |
[in] | data | |
[in] | len | |
- Returns
- HTP_OK on success, HTP_ERROR on failure.