|
 |
6dd3ac |
------------------------------------------------------------
|
|
|
6dd3ac |
revno: 12680
|
|
|
6dd3ac |
revision-id: squid3@treenet.co.nz-20140827135054-gocmdaazdumj5e2e
|
|
|
6dd3ac |
parent: squid3@treenet.co.nz-20140520164322-out2c9fak6sb2u4x
|
|
|
6dd3ac |
committer: Amos Jeffries <squid3@treenet.co.nz>
|
|
|
6dd3ac |
branch nick: 3.3
|
|
|
6dd3ac |
timestamp: Wed 2014-08-27 07:50:54 -0600
|
|
|
6dd3ac |
message:
|
|
|
6dd3ac |
Ignore Range headers with unidentifiable byte-range values
|
|
|
6dd3ac |
|
|
|
6dd3ac |
If squid is unable to determine the byte value for ranges, treat the
|
|
|
6dd3ac |
header as invalid.
|
|
|
6dd3ac |
------------------------------------------------------------
|
|
|
6dd3ac |
# Bazaar merge directive format 2 (Bazaar 0.90)
|
|
|
6dd3ac |
# revision_id: squid3@treenet.co.nz-20140827135054-gocmdaazdumj5e2e
|
|
|
6dd3ac |
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.3
|
|
|
6dd3ac |
# testament_sha1: 5518d5baca6f4327b40368e98fe8d9c36831fa1a
|
|
|
6dd3ac |
# timestamp: 2014-08-27 13:53:27 +0000
|
|
|
6dd3ac |
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.3
|
|
|
6dd3ac |
# base_revision_id: squid3@treenet.co.nz-20140520164322-\
|
|
|
6dd3ac |
# out2c9fak6sb2u4x
|
|
|
6dd3ac |
#
|
|
|
6dd3ac |
# Begin patch
|
|
|
6dd3ac |
=== modified file 'src/HttpHdrRange.cc'
|
|
|
6dd3ac |
--- src/HttpHdrRange.cc 2013-01-02 03:44:55 +0000
|
|
|
6dd3ac |
+++ src/HttpHdrRange.cc 2014-08-27 13:50:54 +0000
|
|
|
6dd3ac |
@@ -92,7 +92,7 @@
|
|
|
6dd3ac |
|
|
|
6dd3ac |
/* is it a suffix-byte-range-spec ? */
|
|
|
6dd3ac |
if (*field == '-') {
|
|
|
6dd3ac |
- if (!httpHeaderParseOffset(field + 1, &length))
|
|
|
6dd3ac |
+ if (!httpHeaderParseOffset(field + 1, &length) || !known_spec(length))
|
|
|
6dd3ac |
return false;
|
|
|
6dd3ac |
} else
|
|
|
6dd3ac |
/* must have a '-' somewhere in _this_ field */
|
|
|
6dd3ac |
@@ -100,7 +100,7 @@
|
|
|
6dd3ac |
debugs(64, 2, "invalid (missing '-') range-spec near: '" << field << "'");
|
|
|
6dd3ac |
return false;
|
|
|
6dd3ac |
} else {
|
|
|
6dd3ac |
- if (!httpHeaderParseOffset(field, &offset))
|
|
|
6dd3ac |
+ if (!httpHeaderParseOffset(field, &offset) || !known_spec(offset))
|
|
|
6dd3ac |
return false;
|
|
|
6dd3ac |
|
|
|
6dd3ac |
++p;
|
|
|
6dd3ac |
@@ -109,7 +109,7 @@
|
|
|
6dd3ac |
if (p - field < flen) {
|
|
|
6dd3ac |
int64_t last_pos;
|
|
|
6dd3ac |
|
|
|
6dd3ac |
- if (!httpHeaderParseOffset(p, &last_pos))
|
|
|
6dd3ac |
+ if (!httpHeaderParseOffset(p, &last_pos) || !known_spec(last_pos))
|
|
|
6dd3ac |
return false;
|
|
|
6dd3ac |
|
|
|
6dd3ac |
// RFC 2616 s14.35.1 MUST: last-byte-pos >= first-byte-pos
|
|
|
6dd3ac |
|