cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Maybe cURL manual shall state something about the invalid range user input for FTP?

From: Song Ma <songmash_at_gmail.com>
Date: Mon, 16 Apr 2007 16:23:49 +0800

Hi Daniel,

Here is my update to give some prompt for user when they input invalid
character in "-r/--range" option.
main.c:
--- main.c 2007-04-16 16:22:29.000000000 +0800
+++ main.c.update 2007-04-16 16:22:21.000000000 +0800
@@ -2187,9 +2187,25 @@
         GetStr(&config->range, buffer);
       }
       else
- /* byte range requested */
- GetStr(&config->range, nextarg);
-
+ {
+ char* tmp_range;
+ tmp_range=nextarg;
+ while(*tmp_range != '\0')
+ {
+ if(!ISDIGIT(*tmp_range)&&*tmp_range!='-'&&*tmp_range!=',')
+ {
+ warnf(config,"Invalid character is found in user's input
range. "
+ "A specified range MUST have only digits in
\'start\'-\'stop\'. "
+ "Server's response upon this request could be
unexpectable\n");
+ break;
+ }
+
+ tmp_range++;
+ }
+
+ /* byte range requested */
+ GetStr(&config->range, nextarg);
+ }
       break;
     case 'R':
       /* use remote file's time */

curl.1 for man manual:
--- curl.1 2007-04-16 16:06:30.000000000 +0800
+++ curl.1.update 2007-04-16 16:26:33.000000000 +0800
@@ -875,6 +875,11 @@
(*) = NOTE that this will cause the server to reply with a multipart
response!

+Only digit characters (0-9) are valid in 'start' and 'stop' of range syntax
+'start-stop'. If user input any non-digit character in the range, HTTP or
FTP
+server's response could be unexpectable, depending on different server's
+configuration.
+
You should also be aware that many HTTP/1.1 servers do not have this
feature
enabled, so that when you attempt to get a range, you'll instead get the
whole
document.

Any comments please let me know.
Best Regards,
Song Ma

2007/4/15, Daniel Stenberg <daniel_at_haxx.se>:
>
> On Fri, 13 Apr 2007, Song Ma wrote:
>
> > Yes I am willing to make a patch for these.
>
> Great!
>
> > But is there some document or guideline to tell me where I can start
> from?
> > Though I have used and studied cURL a lot before but I am new to
> interactive
> > with community. :)
>
> To add a warning, edit src/main.c
>
> To add something to the curl man page, edit docs/curl.1
>
> Then make a patch with 'diff' (described briefly in docs/CONTRIBUTE) and
> post
> here!
>
> --
> Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
>
Received on 2007-04-16

This message: [ Message body ]
Next message: jayjwa: "Re: Curl 7.16.2; Tests Using Stunnel"
Previous message: Daniel Stenberg: "Re: Curl fails with content lenght > 1023"
In reply to: Daniel Stenberg: "Re: Maybe cURL manual shall state something about the invalid range user input for FTP?"
Next in thread: Daniel Stenberg: "Re: Maybe cURL manual shall state something about the invalid range user input for FTP?"
Reply: Daniel Stenberg: "Re: Maybe cURL manual shall state something about the invalid range user input for FTP?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]