curl-library
[PATCH] http: fix parsing of Content-Range, don't go past '/' char
Date: Fri, 27 Jun 2014 03:30:32 +0100
I have an http server which returns the Content-Range: */12345. The
libcurl Content-Range parser parses the range start offset as 12345
instead of 0 or '*'. This causes file corruption if the user asks for
resume_from=12345 and the server responds with http error 416 and with
some HTML payload relating to the error. The reason is that we interpret
the total file length as a start offset which is wrong. This is easily
solved by not trying to look for the start offset beyond the '/' slash
character.
For reference, this is the http transaction that causes the file corruption:
GET /somedata HTTP/1.1
Range: bytes=6336704-
User-Agent: curl/7.29.0
Host: pstorm.co.uk
Accept: */*
HTTP/1.1 416 Requested Range Not Satisfiable
Server: nginx
Date: Thu, 26 Jun 2014 22:53:38 GMT
Content-Type: text/html
Content-Length: 206
Connection: keep-alive
X-Powered-By: PleskLin
Content-Range: bytes */6336704
<html>
<head><title>416 Requested Range Not Satisfiable</title></head>
<body bgcolor="white">
<center><h1>416 Requested Range Not Satisfiable</h1></center>
<hr><center>nginx</center>
</body>
</html>
--- lib/http.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/http.c b/lib/http.c index 78791ee..6bd56eb 100644 --- a/lib/http.c +++ b/lib/http.c @@ -3544,8 +3544,8 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data, char *ptr = k->p + 14; - /* Move forward until first digit */ - while(*ptr && !ISDIGIT(*ptr)) + /* Move forward until first digit but don't go past the '/' char */ + while(*ptr && !ISDIGIT(*ptr) && *ptr != '/') ptr++; k->offset = curlx_strtoofft(ptr, NULL, 10); -- 1.8.1.2 ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.htmlReceived on 2014-06-27