Re: [mod-security-users] Nulls in post cause false negative (Bug?)
From: Ivan R. <iv...@we...> - 2003-08-28 20:24:03
> Second, I'd like to report what seems to be a bug in POST_PAYLOAD
> scanning.
>
> ...
>
> Is this the desired behavior?

No, it is definitely a bug - I'll upload a fix to the CVS tonight. The bug was that there was no range checking for POST payloads (range 0-255 was hardcoded). Normally something like this would have been caught by the SecFilterForceByteRange check.

I am not really sure whether to implement an additional check for the null byte. It is already being done for all content types other than "application/x-www-form-urlencoded" (to allow for scanning of uploaded files, even if they are in a binary format). I feel that it would be better to let SecFilterForceByteRange catch the null byte attack.

What do you think?

Bye,
Ivan
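An added illustration of the failure mode discussed in this thread, not mod_security's own code: a scanner that treats an application/x-www-form-urlencoded body as a C string stops at the first NUL and misses anything after it, whereas a length-aware scan sees the whole body, and a byte-range check of the kind SecFilterForceByteRange performs rejects the NUL outright. The signature, sample body and function names are constructed for the example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed signature to look for in the POST payload. */
static const char *SIGNATURE = "<script>";

/* Scanner that treats the payload as a C string: strstr() stops at the
 * first NUL byte, so anything after an embedded null is never inspected.
 * The declared length is ignored, which is the defect being illustrated. */
int scan_as_cstring(const unsigned char *payload, size_t len)
{
    (void)len;
    return strstr((const char *)payload, SIGNATURE) != NULL;
}

/* Length-aware scanner: walks the full declared length, so an embedded
 * NUL is just another byte and the signature after it is still found. */
int scan_with_length(const unsigned char *payload, size_t len)
{
    size_t siglen = strlen(SIGNATURE);
    if (len < siglen) return 0;
    for (size_t i = 0; i + siglen <= len; i++) {
        if (memcmp(payload + i, SIGNATURE, siglen) == 0) return 1;
    }
    return 0;
}

/* Byte-range check in the spirit of SecFilterForceByteRange: returns 1 when
 * every byte lies in [lo, hi], 0 otherwise. With 32..126 a NUL byte fails,
 * so the request would be rejected before any signature scan runs. */
int bytes_in_range(const unsigned char *payload, size_t len, int lo, int hi)
{
    for (size_t i = 0; i < len; i++) {
        if (payload[i] < lo || payload[i] > hi) return 0;
    }
    return 1;
}

/* Constructed sample body: a NUL byte precedes the signature. */
static const unsigned char SAMPLE[] = "user=bob\0comment=<script>";
#define SAMPLE_LEN (sizeof(SAMPLE) - 1)

/* Named wrappers so each outcome can be checked by name. */
int sample_scan_cstring(void)   { return scan_as_cstring(SAMPLE, SAMPLE_LEN); }
int sample_scan_length(void)    { return scan_with_length(SAMPLE, SAMPLE_LEN); }
int sample_bytes_in_range(void) { return bytes_in_range(SAMPLE, SAMPLE_LEN, 32, 126); }
```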