-
/*
- * $Id: HttpHdrContRange.cc,v 1.22 2007/08/13 18:25:14 hno Exp $
- *
- * DEBUG: section 68 HTTP Content-Range Header
- * AUTHOR: Alex Rousskov
- *
- * SQUID Web Proxy Cache http://www.squid-cache.org/
- * ----------------------------------------------------------
- *
- * Squid is the result of efforts by numerous individuals from
- * the Internet community; see the CONTRIBUTORS file for full
- * details. Many organizations have provided support for Squid's
- * development; see the SPONSORS file for full details. Squid is
- * Copyrighted (C) 2001 by the Regents of the University of
- * California; see the COPYRIGHT file for full details. Squid
- * incorporates software developed and/or copyrighted by other
- * sources; see the CREDITS file for full details.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
+ * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
*
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
*/
+/* DEBUG: section 68 HTTP Content-Range Header */
+
#include "squid.h"
+#include "Debug.h"
+#include "enums.h"
#include "HttpHdrContRange.h"
+#include "HttpHeaderTools.h"
/*
* Currently only byte ranges are supported
* entity-length = 1*DIGIT
*/
-
/* local constants */
#define range_spec_unknown (-1)
if (!httpHeaderParseOffset(field, &spec->offset))
return 0;
- p++;
+ /* Additional check for BUG2155 - there MUST BE first-byte-pos and it MUST be positive*/
+ if (spec->offset < 0) {
+ debugs(68, 2, "invalid (no first-byte-pos or it is negative) resp-range-spec near: '" << field << "'");
+ return 0;
+ }
+
+ ++p;
/* do we have last-pos ? */
- if (p - field < flen) {
- int64_t last_pos;
+ if (p - field >= flen) {
+ debugs(68, 2, "invalid (no last-byte-pos) resp-range-spec near: '" << field << "'");
+ return 0;
+ }
- if (!httpHeaderParseOffset(p, &last_pos))
- return 0;
+ int64_t last_pos;
- spec->length = size_diff(last_pos + 1, spec->offset);
- /* Ensure typecast is safe */
- assert (spec->length >= 0);
+ if (!httpHeaderParseOffset(p, &last_pos))
+ return 0;
+
+ if (last_pos < spec->offset) {
+ debugs(68, 2, "invalid (negative last-byte-pos) resp-range-spec near: '" << field << "'");
+ return 0;
}
+ spec->length = size_diff(last_pos + 1, spec->offset);
+
/* we managed to parse, check if the result makes sence */
- if (known_spec(spec->length) && spec->length == 0) {
+ if (spec->length <= 0) {
debugs(68, 2, "invalid range (" << spec->offset << " += " <<
(long int) spec->length << ") in resp-range-spec near: '" << field << "'");
return 0;
if (!known_spec(spec->offset) || !known_spec(spec->length))
packerPrintf(p, "*");
else
- packerPrintf(p, "bytes %"PRId64"-%"PRId64,
+ packerPrintf(p, "bytes %" PRId64 "-%" PRId64,
spec->offset, spec->offset + spec->length - 1);
}
else if (!httpHdrRangeRespSpecParseInit(&range->spec, str, p - str))
return 0;
- p++;
+ ++p;
if (*p == '*')
range->elength = range_spec_unknown;
else if (!httpHeaderParseOffset(p, &range->elength))
return 0;
+ else if (range->elength <= 0) {
+ /* Additional paranoidal check for BUG2155 - entity-length MUST be > 0 */
+ debugs(68, 2, "invalid (entity-length is negative) content-range-spec near: '" << str << "'");
+ return 0;
+ } else if (known_spec(range->spec.length) && range->elength < (range->spec.offset + range->spec.length)) {
+ debugs(68, 2, "invalid (range is outside entity-length) content-range-spec near: '" << str << "'");
+ return 0;
+ }
debugs(68, 8, "parsed content-range field: " <<
(long int) range->spec.offset << "-" <<
if (!known_spec(range->elength))
packerPrintf(p, "/*");
else
- packerPrintf(p, "/%"PRId64, range->elength);
+ packerPrintf(p, "/%" PRId64, range->elength);
}
void
cr->spec = spec;
cr->elength = ent_len;
}
+