You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@apache.org on 2011/09/26 20:12:42 UTC
svn commit: r1175980 - /httpd/httpd/trunk/modules/http/byterange_filter.c
Author: jim
Date: Mon Sep 26 18:12:41 2011
New Revision: 1175980
URL: http://svn.apache.org/viewvc?rev=1175980&view=rev
Log:
Put 0- on the fast-track
Modified:
httpd/httpd/trunk/modules/http/byterange_filter.c
Modified: httpd/httpd/trunk/modules/http/byterange_filter.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http/byterange_filter.c?rev=1175980&r1=1175979&r2=1175980&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/http/byterange_filter.c (original)
+++ httpd/httpd/trunk/modules/http/byterange_filter.c Mon Sep 26 18:12:41 2011
@@ -208,6 +208,20 @@ static int ap_set_byterange(request_rec
}
else { /* "5-" */
end = clength - 1;
+ /*
+ * special case: 0-
+ * ignore all other ranges provided
+ * return as a single range: 0-
+ */
+ if (start == 0) {
+ num_ranges = 0;
+ sum_lengths = 0;
+ in_merge = 1;
+ oend = end;
+ ostart = start;
+ apr_array_clear(*indexes);
+ break;
+ }
}
}
@@ -272,7 +286,7 @@ static int ap_set_byterange(request_rec
/* If all ranges are unsatisfiable, we should return 416 */
return -1;
}
- if (sum_lengths >= clength) {
+ if (sum_lengths > clength) {
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
"Sum of ranges not smaller than file, ignoring.");
return 0;
Re: svn commit: r1175980 - /httpd/httpd/trunk/modules/http/byterange_filter.c
Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On 10/10/2011 1:29 PM, Jeff Trawick wrote:
> On Mon, Sep 26, 2011 at 2:12 PM, <ji...@apache.org> wrote:
>> Author: jim
>> Date: Mon Sep 26 18:12:41 2011
>> New Revision: 1175980
>>
>> URL: http://svn.apache.org/viewvc?rev=1175980&view=rev
>> Log:
>> Put 0- on the fast-track
>>
>> Modified:
>> httpd/httpd/trunk/modules/http/byterange_filter.c
>
> Apache Killer will emit "host seems vuln" with this fix, but that will
> have to be addressed with attempted reassurances instead of code.
"test seems bogus"... but that's true of most vulnerability scans.
Re: svn commit: r1175980 - /httpd/httpd/trunk/modules/http/byterange_filter.c
Posted by Jeff Trawick <tr...@gmail.com>.
On Mon, Sep 26, 2011 at 2:12 PM, <ji...@apache.org> wrote:
> Author: jim
> Date: Mon Sep 26 18:12:41 2011
> New Revision: 1175980
>
> URL: http://svn.apache.org/viewvc?rev=1175980&view=rev
> Log:
> Put 0- on the fast-track
>
> Modified:
> httpd/httpd/trunk/modules/http/byterange_filter.c
Apache Killer will emit "host seems vuln" with this fix, but that will
have to be addressed with attempted reassurances instead of code.