curl-library

[PATCH] http: fix parsing of Content-Range, don't go past '/' char

From: Dimitrios Siganos <dimitris_at_siganos.org>
Date: Fri, 27 Jun 2014 03:30:32 +0100

I have an http server which returns the Content-Range: */12345. The
libcurl Content-Range parser parses the range start offset as 12345
instead of 0 or '*'. This causes file corruption if the user asks for
resume_from=12345 and the server responds with http error 416 and with
some HTML payload relating to the error. The reason is that we interpret
the total file length as a start offset which is wrong. This is easily
solved by not trying to look for the start offset beyond the '/' slash
character.

For reference, this is the http transaction that causes the file corruption:

GET /somedata HTTP/1.1
Range: bytes=6336704-
User-Agent: curl/7.29.0
Host: pstorm.co.uk
Accept: */*

HTTP/1.1 416 Requested Range Not Satisfiable
Server: nginx
Date: Thu, 26 Jun 2014 22:53:38 GMT
Content-Type: text/html
Content-Length: 206
Connection: keep-alive
X-Powered-By: PleskLin
Content-Range: bytes */6336704

<html>
<head><title>416 Requested Range Not Satisfiable</title></head>
<body bgcolor="white">
<center><h1>416 Requested Range Not Satisfiable</h1></center>
<hr><center>nginx</center>
</body>
</html>

---
 lib/http.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/http.c b/lib/http.c
index 78791ee..6bd56eb 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -3544,8 +3544,8 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
 
       char *ptr = k->p + 14;
 
-      /* Move forward until first digit */
-      while(*ptr && !ISDIGIT(*ptr))
+      /* Move forward until first digit but don't go past the '/' char */
+      while(*ptr && !ISDIGIT(*ptr) && *ptr != '/')
         ptr++;
 
       k->offset = curlx_strtoofft(ptr, NULL, 10);
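Review bot: at `k->offset = curlx_strtoofft(ptr, NULL, 10);`, once the loop stops on '/', the conversion is still run on a string that begins with '/', so the resulting offset depends on what curlx_strtoofft returns for input with no digits. Consider converting only when `ISDIGIT(*ptr)` and setting `k->offset` to 0 explicitly otherwise, with a comment naming the `*/length` case so the intent is visible. The diffstat shows only lib/http.c changed; a test case for a 416 response carrying `Content-Range: bytes */6336704` would keep this from regressing.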
-- 
1.8.1.2
Received on 2014-06-27
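
A stricter take on the parsing problem described in the mail above, as an added example that is not part of the original post or of libcurl: it goes beyond the one-line fix by parsing the whole Content-Range value, so the `*/length` form of a 416 response is its own result and a resume is accepted only when the confirmed start offset equals the requested one. The type and function names are hypothetical, `strtoll` stands in for `curlx_strtoofft`, and the range unit is matched as the literal `bytes `.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
/* All names below are hypothetical; none of this is libcurl code. */
enum cr_kind { CR_INVALID, CR_UNSATISFIED, CR_RANGE };
/* first/last/total stay -1 when absent or given as '*' */
struct content_range { enum cr_kind kind; long long first, last, total; };

/* Read a digit run at *pp; an empty run fails, so '*' or '/' never reads as 0. */
static int parse_num(const char **pp, long long *out)
{
  char *end;
  if(!isdigit((unsigned char)**pp))
    return 0;
  *out = strtoll(*pp, &end, 10);
  *pp = end;
  return 1;
}

/* v: header value without the line ending, as in the 416 response quoted above. */
struct content_range parse_content_range(const char *v)
{
  struct content_range r = { CR_INVALID, -1, -1, -1 };
  while(*v == ' ' || *v == '\t')
    v++;
  if(strncmp(v, "bytes ", 6) != 0)
    return r;
  v += 6;
  if(v[0] == '*' && v[1] == '/') { /* unsatisfied range: total length only */
    v += 2;
    if(parse_num(&v, &r.total) && *v == '\0')
      r.kind = CR_UNSATISFIED;
    return r;
  }
  if(!parse_num(&v, &r.first) || *v++ != '-' ||
     !parse_num(&v, &r.last) || *v++ != '/')
    return r;
  if(((v[0] == '*' && v[1] == '\0') || (parse_num(&v, &r.total) && *v == '\0'))
     && r.first <= r.last && (r.total < 0 || r.last < r.total))
    r.kind = CR_RANGE;
  return r;
}

/* Append to a partial file only when the range starts at resume_from. */
int safe_to_append(const char *v, long long resume_from)
{
  struct content_range r = parse_content_range(v);
  return r.kind == CR_RANGE && r.first == resume_from;
}
```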