You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by ji...@apache.org on 2011/09/26 20:12:42 UTC

svn commit: r1175980 - /httpd/httpd/trunk/modules/http/byterange_filter.c

Author: jim
Date: Mon Sep 26 18:12:41 2011
New Revision: 1175980

URL: http://svn.apache.org/viewvc?rev=1175980&view=rev
Log:
Put 0- on the fast-track

Modified:
    httpd/httpd/trunk/modules/http/byterange_filter.c

Modified: httpd/httpd/trunk/modules/http/byterange_filter.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http/byterange_filter.c?rev=1175980&r1=1175979&r2=1175980&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/http/byterange_filter.c (original)
+++ httpd/httpd/trunk/modules/http/byterange_filter.c Mon Sep 26 18:12:41 2011
@@ -208,6 +208,20 @@ static int ap_set_byterange(request_rec 
             }
             else {                  /* "5-" */
                 end = clength - 1;
+                /*
+                 * special case: 0-
+                 *   ignore all other ranges provided
+                 *   return as a single range: 0-
+                 */
+                if (start == 0) {
+                    num_ranges = 0;
+                    sum_lengths = 0;
+                    in_merge = 1;
+                    oend = end;
+                    ostart = start;
+                    apr_array_clear(*indexes);
+                    break;
+                }
             }
         }
 
@@ -272,7 +286,7 @@ static int ap_set_byterange(request_rec 
         /* If all ranges are unsatisfiable, we should return 416 */
         return -1;
     }
-    if (sum_lengths >= clength) {
+    if (sum_lengths > clength) {
         ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
                       "Sum of ranges not smaller than file, ignoring.");
         return 0;

Re: svn commit: r1175980 - /httpd/httpd/trunk/modules/http/byterange_filter.c

Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.

On 10/10/2011 1:29 PM, Jeff Trawick wrote:
> On Mon, Sep 26, 2011 at 2:12 PM,  <ji...@apache.org> wrote:
>> Author: jim
>> Date: Mon Sep 26 18:12:41 2011
>> New Revision: 1175980
>>
>> URL: http://svn.apache.org/viewvc?rev=1175980&view=rev
>> Log:
>> Put 0- on the fast-track
>>
>> Modified:
>>    httpd/httpd/trunk/modules/http/byterange_filter.c
> 
> Apache Killer will emit "host seems vuln" with this fix, but that will
> have to be addressed with attempted reassurances instead of code.

"test seems bogus"... but that's true of most vulnerability scans.

Re: svn commit: r1175980 - /httpd/httpd/trunk/modules/http/byterange_filter.c

Posted by Jeff Trawick <tr...@gmail.com>.

On Mon, Sep 26, 2011 at 2:12 PM,  <ji...@apache.org> wrote:
> Author: jim
> Date: Mon Sep 26 18:12:41 2011
> New Revision: 1175980
>
> URL: http://svn.apache.org/viewvc?rev=1175980&view=rev
> Log:
> Put 0- on the fast-track
>
> Modified:
>    httpd/httpd/trunk/modules/http/byterange_filter.c

Apache Killer will emit "host seems vuln" with this fix, but that will
have to be addressed with attempted reassurances instead of code.