cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: CURLOPT_RANGE without any response

From: Guenter <lists_at_gknw.net>
Date: Tue, 10 Jan 2012 23:27:20 +0100

Am 09.01.2012 08:28, schrieb Daniel Stenberg:
> If there's no response at all, it isn't HTTP compliant and it would
> indicate that there's something involved not playing nice.
>
> But for no HTTP response at all, libcurl returns an error so perhaps
> you're saying that it gets stuck at that point? I don't think it is a
> problem in libcurl for that either. That given range looks awefully big
> for a gif image, can that have something to do with how the server acts?
we had recently an issue whith range headers where it was demonstrated
that a single machine is able to kill a httpd server with a specially
crafted range header, see also:
http://www.apache.org/dist/httpd/CHANGES_2.2
which lists the coresponding CVEs ...
also it might be that other folks now limit or even disable range
headers entirely due to paranoia, perhaps also with a firewall which
might then simply reject or drop the request so that the server doesnt
have any chance to reply with an error.

Gün.

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-01-10