Add NULL check for multipart boundary in multipart_complete

hnakamur · hnakamur · commit a96b557b1996 · 2026-01-01T23:30:07.000+09:00
This check is added to satisfy SonarQube Cloud Quality Gate on CI. owasp-modsecurity#3483 (comment)
diff --git a/apache2/msc_multipart.c b/apache2/msc_multipart.c
@@ -1023,6 +1023,11 @@ int multipart_complete(modsec_rec *msr, char **error_msg) {
              * processed yet) in the buffer.
              */
             if (msr->mpd->buf_contains_line) {
+                if (msr->mpd->boundary == NULL) {
+                    *error_msg = apr_psprintf(msr->mp, "Multipart: BUG: multipart_complete must not be called if multipart_init returns an error.");
+                    return -1;
+                }
+
                 /*
                  * Note that the buffer may end with the final boundary followed by only CR,
                  * coming from the [CRLF epilogue], when allow_process_partial == 1 (which is
