Thanks Seema i will take a look.

What kind of effect are you seeing ? any error message ?



On Tue, Jul 24, 2012 at 7:52 AM, seema deepak <> wrote:

I came across a bug while using ModSecurity 2.6.5 with our server.
Multipart code tries to close the descriptor more than once; once in multipart_process_boundary() and again in multipart_cleanup().

Below change in multipart_process_boundary() fixed the issue.
--- modsecurity-apache/apache2/msc_multipart.c Fri Jul 20 06:08:39 2012 -0700
+++ modsecurity-apache/apache2/msc_multipart.c Fri Jul 20 06:11:42 2012 -0700
@@ -581,6 +581,7 @@
&&(msr->mpd->mpp->tmp_file_fd != 0))
+            msr->mpd->mpp->tmp_file_fd = -1;

I don't know if this has already been fixed in the latest version.

Thanks and Regards,
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
mod-security-developers mailing list
ModSecurity Services from Trustwave's SpiderLabs: