-
/*
- * $Id$
- *
- * DEBUG: section 68 HTTP Content-Range Header
- * AUTHOR: Alex Rousskov
- *
- * SQUID Web Proxy Cache http://www.squid-cache.org/
- * ----------------------------------------------------------
- *
- * Squid is the result of efforts by numerous individuals from
- * the Internet community; see the CONTRIBUTORS file for full
- * details. Many organizations have provided support for Squid's
- * development; see the SPONSORS file for full details. Squid is
- * Copyrighted (C) 2001 by the Regents of the University of
- * California; see the COPYRIGHT file for full details. Squid
- * incorporates software developed and/or copyrighted by other
- * sources; see the CREDITS file for full details.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
+ * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
*
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
*/
+/* DEBUG: section 68 HTTP Content-Range Header */
+
#include "squid.h"
+#include "base/Packable.h"
+#include "Debug.h"
+#include "enums.h"
#include "HttpHdrContRange.h"
+#include "HttpHeaderTools.h"
/*
* Currently only byte ranges are supported
* entity-length = 1*DIGIT
*/
-
/* local constants */
#define range_spec_unknown (-1)
if (!httpHeaderParseOffset(field, &spec->offset))
return 0;
- p++;
+ /* Additional check for BUG2155 - there MUST BE first-byte-pos and it MUST be positive*/
+ if (spec->offset < 0) {
+ debugs(68, 2, "invalid (no first-byte-pos or it is negative) resp-range-spec near: '" << field << "'");
+ return 0;
+ }
+
+ ++p;
/* do we have last-pos ? */
- if (p - field < flen) {
- int64_t last_pos;
+ if (p - field >= flen) {
+ debugs(68, 2, "invalid (no last-byte-pos) resp-range-spec near: '" << field << "'");
+ return 0;
+ }
- if (!httpHeaderParseOffset(p, &last_pos))
- return 0;
+ int64_t last_pos;
- spec->length = size_diff(last_pos + 1, spec->offset);
- /* Ensure typecast is safe */
- assert (spec->length >= 0);
+ if (!httpHeaderParseOffset(p, &last_pos))
+ return 0;
+
+ if (last_pos < spec->offset) {
+ debugs(68, 2, "invalid (negative last-byte-pos) resp-range-spec near: '" << field << "'");
+ return 0;
}
+ spec->length = size_diff(last_pos + 1, spec->offset);
+
/* we managed to parse, check if the result makes sence */
- if (known_spec(spec->length) && spec->length == 0) {
+ if (spec->length <= 0) {
debugs(68, 2, "invalid range (" << spec->offset << " += " <<
(long int) spec->length << ") in resp-range-spec near: '" << field << "'");
return 0;
}
static void
-httpHdrRangeRespSpecPackInto(const HttpHdrRangeSpec * spec, Packer * p)
+httpHdrRangeRespSpecPackInto(const HttpHdrRangeSpec * spec, Packable * p)
{
/* Ensure typecast is safe */
assert (spec->length >= 0);
if (!known_spec(spec->offset) || !known_spec(spec->length))
- packerPrintf(p, "*");
+ p->append("*", 1);
else
- packerPrintf(p, "bytes %"PRId64"-%"PRId64,
- spec->offset, spec->offset + spec->length - 1);
+ p->appendf("bytes %" PRId64 "-%" PRId64, spec->offset, spec->offset + spec->length - 1);
}
/*
HttpHdrContRange *
httpHdrContRangeCreate(void)
{
- HttpHdrContRange *r = (HttpHdrContRange *)memAllocate(MEM_HTTP_HDR_CONTENT_RANGE);
+ HttpHdrContRange *r = new HttpHdrContRange;
r->spec.offset = r->spec.length = range_spec_unknown;
r->elength = range_spec_unknown;
return r;
HttpHdrContRange *r = httpHdrContRangeCreate();
if (!httpHdrContRangeParseInit(r, str)) {
- httpHdrContRangeDestroy(r);
- r = NULL;
+ delete r;
+ return nullptr;
}
return r;
else if (!httpHdrRangeRespSpecParseInit(&range->spec, str, p - str))
return 0;
- p++;
+ ++p;
if (*p == '*')
range->elength = range_spec_unknown;
else if (!httpHeaderParseOffset(p, &range->elength))
return 0;
+ else if (range->elength <= 0) {
+ /* Additional paranoidal check for BUG2155 - entity-length MUST be > 0 */
+ debugs(68, 2, "invalid (entity-length is negative) content-range-spec near: '" << str << "'");
+ return 0;
+ } else if (known_spec(range->spec.length) && range->elength < (range->spec.offset + range->spec.length)) {
+ debugs(68, 2, "invalid (range is outside entity-length) content-range-spec near: '" << str << "'");
+ return 0;
+ }
debugs(68, 8, "parsed content-range field: " <<
(long int) range->spec.offset << "-" <<
return 1;
}
-void
-httpHdrContRangeDestroy(HttpHdrContRange * range)
-{
- assert(range);
- memFree(range, MEM_HTTP_HDR_CONTENT_RANGE);
-}
-
HttpHdrContRange *
httpHdrContRangeDup(const HttpHdrContRange * range)
{
}
void
-httpHdrContRangePackInto(const HttpHdrContRange * range, Packer * p)
+httpHdrContRangePackInto(const HttpHdrContRange * range, Packable * p)
{
assert(range && p);
httpHdrRangeRespSpecPackInto(&range->spec, p);
assert (range->elength >= 0);
if (!known_spec(range->elength))
- packerPrintf(p, "/*");
+ p->append("/*", 2);
else
- packerPrintf(p, "/%"PRId64, range->elength);
+ p->appendf("/%" PRId64, range->elength);
}
void
cr->spec = spec;
cr->elength = ent_len;
}
+
projects / thirdparty / squid.git / blobdiff