------------------------------------------------------------ revno: 13555 revision-id: squid3@treenet.co.nz-20140826154843-e2czvhzpm6g8vnl2 parent: squid3@treenet.co.nz-20140826041140-6s7g6mr56314k9qs committer: Amos Jeffries branch nick: trunk timestamp: Tue 2014-08-26 08:48:43 -0700 message: Ignore Range headers with unidentifiable byte-range values If squid is unable to determine the byte value for ranges, treat the header as invalid. ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20140826154843-e2czvhzpm6g8vnl2 # target_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/ # testament_sha1: 12b63ac9047fd7e54d209d59502ed290a6d7b4eb # timestamp: 2014-08-26 15:52:41 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/ # base_revision_id: squid3@treenet.co.nz-20140826041140-\ # 6s7g6mr56314k9qs # Index: squid3-3.1.19/src/HttpHdrRange.cc =================================================================== --- squid3-3.1.19.orig/src/HttpHdrRange.cc +++ squid3-3.1.19/src/HttpHdrRange.cc @@ -93,7 +93,7 @@ HttpHdrRangeSpec::parseInit(const char * /* is it a suffix-byte-range-spec ? */ if (*field == '-') { - if (!httpHeaderParseOffset(field + 1, &length)) + if (!httpHeaderParseOffset(field + 1, &length) || !known_spec(length)) return false; } else /* must have a '-' somewhere in _this_ field */ @@ -101,7 +101,7 @@ HttpHdrRangeSpec::parseInit(const char * debugs(64, 2, "invalid (missing '-') range-spec near: '" << field << "'"); return false; } else { - if (!httpHeaderParseOffset(field, &offset)) + if (!httpHeaderParseOffset(field, &offset) || !known_spec(offset)) return false; p++; @@ -110,7 +110,7 @@ HttpHdrRangeSpec::parseInit(const char * if (p - field < flen) { int64_t last_pos; - if (!httpHeaderParseOffset(p, &last_pos)) + if (!httpHeaderParseOffset(p, &last_pos) || !known_spec(last_pos)) return false; // RFC 2616 s14.35.1 MUST: last-byte-pos >= first-byte-pos