From: Dimitrios Siganos <dimitris@siganos.org>
To: curl-library@cool.haxx.se
Cc: Dimitrios Siganos <dimitris@siganos.org>
Subject: [PATCH] http: fix parsing of Content-Range, don't go past '/' char
Date: Fri, 27 Jun 2014 03:30:32 +0100
Message-Id: <1403836232-16397-1-git-send-email-dimitris@siganos.org>
X-Mailer: git-send-email 1.8.1.2

I have an http server which returns the Content-Range: */12345. The
libcurl Content-Range parser parses the range start offset as 12345
instead of 0 or '*'. This causes file corruption if the user asks for
resume_from=12345 and the server responds with http error 416 and with
some HTML payload relating to the error. The reason is that we interpret
the total file length as a start offset which is wrong. This is easily
solved by not trying to look for the start offset beyond the '/' slash
character.

For reference, this is the http transaction that causes the file corruption:

GET /somedata HTTP/1.1
Range: bytes=6336704-
User-Agent: curl/7.29.0
Host: pstorm.co.uk
Accept: */*

HTTP/1.1 416 Requested Range Not Satisfiable
Server: nginx
Date: Thu, 26 Jun 2014 22:53:38 GMT
Content-Type: text/html
Content-Length: 206
Connection: keep-alive
X-Powered-By: PleskLin
Content-Range: bytes */6336704

<html>
<head><title>416 Requested Range Not Satisfiable</title></head>
<body bgcolor="white">
<center><h1>416 Requested Range Not Satisfiable</h1></center>
<hr><center>nginx</center>
</body>
</html>
---
 lib/http.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/http.c b/lib/http.c
index 78791ee..6bd56eb 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -3544,8 +3544,8 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
 
       char *ptr = k->p + 14;
 
-      /* Move forward until first digit */
-      while(*ptr && !ISDIGIT(*ptr))
+      /* Move forward until first digit but don't go past the '/' char */
+      while(*ptr && !ISDIGIT(*ptr) && *ptr != '/')
         ptr++;
 
       k->offset = curlx_strtoofft(ptr, NULL, 10);
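
Review bot: on the `k->offset = curlx_strtoofft(ptr, NULL, 10);` line, once the loop stops at '/' the pointer is not on a digit, so the offset ends up as 0 only because the conversion finds no digits there, and with a NULL end pointer a real start offset of 0 cannot be told apart from the `*` form. Consider converting only when `ISDIGIT(*ptr)` holds and handling the '/' case explicitly, so a reply like the 416 in the commit message is recognised as carrying no start offset rather than offset 0. The diffstat touches only lib/http.c; a test case with a `Content-Range: bytes */6336704` reply would keep this from regressing.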
-- 
1.8.1.2
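
The parsing problem described in the mail, as an added example that is not part of the original patch or of libcurl's code: instead of scanning for the first digit, it parses the whole Content-Range value and reports the `*/length` form as a distinct result with no start offset. It goes beyond the one-line fix by also validating the `first-last/total` form; all type and function names are hypothetical, and the value is assumed to be already trimmed of surrounding whitespace.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names for this example; not libcurl's types or functions. */
enum cr_kind { CR_INVALID, CR_RANGE, CR_UNSATISFIED };
struct content_range {
  enum cr_kind kind;
  long long first, last, total; /* total is -1 when the length is '*' */
};
/* Read a decimal number at *s and advance past it; -1 if absent/overflow. */
static long long take_number(const char **s) {
  char *end;
  long long v;
  if(!isdigit((unsigned char)**s)) return -1;
  errno = 0;
  v = strtoll(*s, &end, 10);
  *s = end;
  return errno ? -1 : v;
}

/* Parse a trimmed Content-Range value such as "bytes 0-99/200". */
struct content_range parse_content_range(const char *v) {
  struct content_range r = { CR_INVALID, -1, -1, -1 };
  if(strncmp(v, "bytes ", 6) != 0) return r; /* simplification: exact unit */
  v += 6;
  if(v[0] == '*' && v[1] == '/') { /* unsatisfied range: no start offset */
    v += 2;
    r.total = take_number(&v);
    if(r.total >= 0 && *v == '\0')
      r.kind = CR_UNSATISFIED;
    return r;
  }
  r.first = take_number(&v);
  if(r.first < 0 || *v++ != '-') return r;
  r.last = take_number(&v);
  if(r.last < r.first || *v++ != '/') return r;
  if(*v == '*')
    v++;
  else if((r.total = take_number(&v)) <= r.last) return r;
  if(*v == '\0')
    r.kind = CR_RANGE;
  return r;
}

/* Value from the 416 response quoted in the mail: expect CR_UNSATISFIED. */
int main(void) { return parse_content_range("bytes */6336704").kind != CR_UNSATISFIED; }
```

A caller resuming a download would compare its requested offset against `first` only when `kind` is `CR_RANGE`, and treat `CR_UNSATISFIED` as "nothing to append".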


