http: fix overflow in HTPParseContentRange
authorPhilippe Antoine <contact@catenacyber.fr>
Wed, 29 May 2019 19:21:03 +0000 (21:21 +0200)
committerVictor Julien <victor@inliniac.net>
Sat, 8 Jun 2019 19:16:35 +0000 (21:16 +0200)
src/app-layer-htp-file.c

index 16574cf369379dfd022dce544e3589f9f7b22913..3dd25b41e1a45cc87d3ae1e07c5f82c40268ef4f 100644 (file)
@@ -196,13 +196,13 @@ int HTPParseContentRange(bstr * rawvalue, HtpContentRange *range)
         // case with start and end
         range->start = bstr_util_mem_to_pint(data + pos, len - pos, 10, &last_pos);
         pos += last_pos;
-        if (len < pos || data[pos] != '-') {
+        if (len < pos + 1 || data[pos] != '-') {
             return -1;
         }
         pos++;
         range->end = bstr_util_mem_to_pint(data + pos, len - pos, 10, &last_pos);
         pos += last_pos;
-        if (len < pos || data[pos] != '/') {
+        if (len < pos + 1 || data[pos] != '/') {
             return -1;
         }
         pos++;
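Review bot: The two new guards, `if (len < pos + 1 || data[pos] != '-')` and its `'/'` twin, express the bounds check as arithmetic on `pos`; the direct form `if (pos >= len || data[pos] != '-')` states the invariant (the index must lie inside the buffer) and cannot wrap if `pos` is an unsigned type at its maximum. Separately, both `bstr_util_mem_to_pint` results are stored in `range->start` and `range->end` without any check visible in this hunk. If that helper signals a parse failure or numeric overflow through a negative return, as I believe it does, the value should be rejected here before `pos += last_pos` is relied on. HTPParseContentRange begins and ends outside the hunk, so a later validation may already exist. A unit test feeding a Content-Range value that ends immediately after the first number, and one that ends right after the `-`, would pin the boundary this commit fixes.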