mirror of
https://github.com/emikulic/darkhttpd.git
synced 2023-08-10 21:13:08 +03:00
Improve handling of invalid ranges.
This commit is contained in:
parent
e8ec37109b
commit
862e3ac124
29
darkhttpd.c
29
darkhttpd.c
@ -1425,14 +1425,8 @@ static void parse_range_field(struct connection *conn) {
|
|||||||
conn->range_end_given = 1;
|
conn->range_end_given = 1;
|
||||||
conn->range_end = (off_t)strtoll(range+bound1, NULL, 10);
|
conn->range_end = (off_t)strtoll(range+bound1, NULL, 10);
|
||||||
}
|
}
|
||||||
} while(0); /* break handling */
|
} while(0);
|
||||||
free(range);
|
free(range);
|
||||||
|
|
||||||
/* sanity check: begin <= end */
|
|
||||||
if (conn->range_begin_given && conn->range_end_given &&
|
|
||||||
(conn->range_begin > conn->range_end)) {
|
|
||||||
conn->range_begin_given = conn->range_end_given = 0;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Parse an HTTP request like "GET / HTTP/1.1" to get the method (GET), the
|
/* Parse an HTTP request like "GET / HTTP/1.1" to get the method (GET), the
|
||||||
@ -1824,8 +1818,8 @@ static void process_get(struct connection *conn) {
|
|||||||
from = conn->range_begin;
|
from = conn->range_begin;
|
||||||
to = conn->range_end;
|
to = conn->range_end;
|
||||||
|
|
||||||
/* clamp [to] to filestat.st_size-1 */
|
/* clamp end to filestat.st_size-1 */
|
||||||
if (to > (size_t)(filestat.st_size-1))
|
if (to > (filestat.st_size - 1))
|
||||||
to = filestat.st_size - 1;
|
to = filestat.st_size - 1;
|
||||||
}
|
}
|
||||||
else if (conn->range_begin_given && !conn->range_end_given) {
|
else if (conn->range_begin_given && !conn->range_end_given) {
|
||||||
@ -1838,12 +1832,25 @@ static void process_get(struct connection *conn) {
|
|||||||
to = filestat.st_size - 1;
|
to = filestat.st_size - 1;
|
||||||
from = to - conn->range_end + 1;
|
from = to - conn->range_end + 1;
|
||||||
|
|
||||||
/* check for wrapping */
|
/* clamp start */
|
||||||
if (from > to) from = 0;
|
if (from < 0)
|
||||||
|
from = 0;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
errx(1, "internal error - from/to mismatch");
|
errx(1, "internal error - from/to mismatch");
|
||||||
|
|
||||||
|
if (from >= filestat.st_size) {
|
||||||
|
default_reply(conn, 416, "Requested Range Not Satisfiable",
|
||||||
|
"You requested a range outside of the file.");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (to < from) {
|
||||||
|
default_reply(conn, 416, "Requested Range Not Satisfiable",
|
||||||
|
"You requested a backward range.");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
conn->reply_start = from;
|
conn->reply_start = from;
|
||||||
conn->reply_length = to - from + 1;
|
conn->reply_length = to - from + 1;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user