1 files changed, 7 insertions, 11 deletions
diff --git a/ufilter.c b/ufilter.c
index 2eeed56..6d9669f 100644
--- a/ufilter.c
+++ b/ufilter.c
@@ -281,10 +281,10 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS
                                int n;
                                cpend = mefd->data + mefd->length;
                                for (char *cp = mefd->data; cp < cpend; cp++) {
-                                        if (*cp >= 32) {
+                                        if (*cp >= 32 || isspace(*cp)) {
                                                continue;
                                        }
-                                        if (*cp & 0x80) {
+                                        if ((*cp & 0x80) && SUHOSIN_G(upload_allow_utf8)) {
                                                SDEBUG("checking char %x", *cp);
                                                if ((n = suhosin_validate_utf8_multibyte(cp))) { // valid UTF8 multibyte character
                                                        cp += n - 1;
@@ -292,16 +292,12 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS
                                                }
                                        }
                                        
-                                        if (!isspace(*cp)) {
+                                        suhosin_log(S_FILES, "uploaded file contains binary data - file dropped");
-                                                suhosin_log(S_FILES, "uploaded file contains binary data - file dropped");
+                                        if (!SUHOSIN_G(simulation)) {
-                                                if (!SUHOSIN_G(simulation)) {
+                                                goto continue_with_failure;
-                                                        goto continue_with_failure;
-                                                }
-                                                break;
                                        }
+                                        break;
                                }
-                                
                        }
                        if (SUHOSIN_G(upload_remove_binary)) {
@@ -313,7 +309,7 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS
                                for (i=0, j=0; i<mefd->length; i++) {
                                        if (mefd->data[i] >= 32 || isspace(mefd->data[i])) {
                                                mefd->data[j++] = mefd->data[i];
-                                        } else if (mefd->data[i] & 0x80) {
+                                        } else if (SUHOSIN_G(upload_allow_utf8) && mefd->data[i] & 0x80) {
                                                n = suhosin_validate_utf8_multibyte(mefd->data + i);
                                                if (!n) { continue; }
                                                while (n) {

diff --git a/ufilter.c b/ufilter.c index 2eeed56..6d9669f 100644 --- a/ufilter.c +++ b/ufilter.c
@@ -281,10 +281,10 @@ int suhosin_rfc1867_filter(unsigned int event, void event_data, void *extra TS
281	int n;	281	int n;
282	cpend = mefd->data + mefd->length;	282	cpend = mefd->data + mefd->length;
283	for (char *cp = mefd->data; cp < cpend; cp++) {	283	for (char *cp = mefd->data; cp < cpend; cp++) {
284	if (*cp >= 32) {	284	if (cp >= 32 \|\| isspace(cp)) {
285	continue;	285	continue;
286	}	286	}
287	if (*cp & 0x80) {	287	if ((*cp & 0x80) && SUHOSIN_G(upload_allow_utf8)) {
288	SDEBUG("checking char %x", *cp);	288	SDEBUG("checking char %x", *cp);
289	if ((n = suhosin_validate_utf8_multibyte(cp))) { // valid UTF8 multibyte character	289	if ((n = suhosin_validate_utf8_multibyte(cp))) { // valid UTF8 multibyte character
290	cp += n - 1;	290	cp += n - 1;
@@ -292,16 +292,12 @@ int suhosin_rfc1867_filter(unsigned int event, void event_data, void *extra TS
292	}	292	}
293	}	293	}
294		294
295	if (!isspace(*cp)) {	295	suhosin_log(S_FILES, "uploaded file contains binary data - file dropped");
296	suhosin_log(S_FILES, "uploaded file contains binary data - file dropped");	296	if (!SUHOSIN_G(simulation)) {
297	if (!SUHOSIN_G(simulation)) {	297	goto continue_with_failure;
298	goto continue_with_failure;
299	}
300	break;
301	}	298	}
302		299	break;
303	}	300	}
304
305	}	301	}
306		302
307	if (SUHOSIN_G(upload_remove_binary)) {	303	if (SUHOSIN_G(upload_remove_binary)) {
@@ -313,7 +309,7 @@ int suhosin_rfc1867_filter(unsigned int event, void event_data, void *extra TS
313	for (i=0, j=0; i<mefd->length; i++) {	309	for (i=0, j=0; i<mefd->length; i++) {
314	if (mefd->data[i] >= 32 \|\| isspace(mefd->data[i])) {	310	if (mefd->data[i] >= 32 \|\| isspace(mefd->data[i])) {
315	mefd->data[j++] = mefd->data[i];	311	mefd->data[j++] = mefd->data[i];
316	} else if (mefd->data[i] & 0x80) {	312	} else if (SUHOSIN_G(upload_allow_utf8) && mefd->data[i] & 0x80) {
317	n = suhosin_validate_utf8_multibyte(mefd->data + i);	313	n = suhosin_validate_utf8_multibyte(mefd->data + i);
318	if (!n) { continue; }	314	if (!n) { continue; }
319	while (n) {	315	while (n) {