From: Amos Jeffries <squid3@treenet.co.nz>
Date: Wed, 27 Aug 2014 14:36:22 +0000 (-0600)
Subject: Ignore Range headers with unidentifiable byte-range values
X-Git-Tag: SQUID_3_2_14~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7bcf325ad4580a95981d13503c421ed6e6a6754d;p=thirdparty%2Fsquid.git

Ignore Range headers with unidentifiable byte-range values

If squid is unable to determine the byte value for ranges, treat the
header as invalid.
---

diff --git a/src/HttpHdrRange.cc b/src/HttpHdrRange.cc
index c1f2cd79eb..8c396e4387 100644
--- a/src/HttpHdrRange.cc
+++ b/src/HttpHdrRange.cc
@@ -93,7 +93,7 @@ HttpHdrRangeSpec::parseInit(const char *field, int flen)
 
     /* is it a suffix-byte-range-spec ? */
     if (*field == '-') {
-        if (!httpHeaderParseOffset(field + 1, &length))
+        if (!httpHeaderParseOffset(field + 1, &length) || !known_spec(length))
             return false;
     } else
         /* must have a '-' somewhere in _this_ field */
@@ -101,7 +101,7 @@ HttpHdrRangeSpec::parseInit(const char *field, int flen)
             debugs(64, 2, "invalid (missing '-') range-spec near: '" << field << "'");
             return false;
         } else {
-            if (!httpHeaderParseOffset(field, &offset))
+            if (!httpHeaderParseOffset(field, &offset) || !known_spec(offset))
                 return false;
 
             ++p;
@@ -110,7 +110,7 @@ HttpHdrRangeSpec::parseInit(const char *field, int flen)
             if (p - field < flen) {
                 int64_t last_pos;
 
-                if (!httpHeaderParseOffset(p, &last_pos))
+                if (!httpHeaderParseOffset(p, &last_pos) || !known_spec(last_pos))
                     return false;
 
                 // RFC 2616 s14.35.1 MUST: last-byte-pos >= first-byte-pos