Posted to cvs@httpd.apache.org by sf...@apache.org on 2011/09/28 23:48:46 UTC
svn commit: r1177080 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS
modules/http/byterange_filter.c
Author: sf
Date: Wed Sep 28 21:48:45 2011
New Revision: 1177080
URL: http://svn.apache.org/viewvc?rev=1177080&view=rev
Log:
Backport r1175980, r1175992:
byterange: Range of '0-' returns 206
Submitted by: Jim Jagielski
Reviewed by: jim, rpluem, rjung, sf
Modified:
httpd/httpd/branches/2.2.x/CHANGES
httpd/httpd/branches/2.2.x/STATUS
httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c
Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1177080&r1=1177079&r2=1177080&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Wed Sep 28 21:48:45 2011
@@ -1,7 +1,8 @@
-*- coding: utf-8 -*-
Changes with Apache 2.2.22
-
+ *) Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20:
+ A range of '0-' returns a 206. PR 51878. [Jim Jagielski]
Changes with Apache 2.2.21
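Review bot: The second line of the new entry, "A range of '0-' returns a 206", can be read either as the regression or as the corrected behaviour. Phrasing it as the behaviour after the fix (for example "A range of '0-' will now return a 206") removes the ambiguity for anyone reading CHANGES without PR 51878 open.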
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1177080&r1=1177079&r2=1177080&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Wed Sep 28 21:48:45 2011
@@ -94,13 +94,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * byterange: Range of '0-' returns 206.
- Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1175980
- http://svn.apache.org/viewvc?view=revision&revision=1175992
- 2.2.x patch: http://people.apache.org/~jim/patches/2.2-byterange0-.txt
- +1: jim, rpluem, rjung, sf
- sf says: please also mention PR 51878 in CHANGES
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
Modified: httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c?rev=1177080&r1=1177079&r2=1177080&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c (original)
+++ httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c Wed Sep 28 21:48:45 2011
@@ -500,6 +500,20 @@ static int ap_set_byterange(request_rec
}
else { /* "5-" */
end = clength - 1;
+ /*
+ * special case: 0-
+ * ignore all other ranges provided
+ * return as a single range: 0-
+ */
+ if (start == 0) {
+ apr_array_clear(*indexes);
+ idx = (indexes_t *)apr_array_push(*indexes);
+ idx->start = start;
+ idx->end = end;
+ sum_lengths = clength;
+ num_ranges = 1;
+ break;
+ }
}
}
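Review bot: The comment on the new "start == 0" branch says what is done (all other ranges are dropped) but not why, and the branch only yields a 206 because "sum_lengths = clength" pairs with the size check further down being relaxed from ">=" to ">". A line naming the regression (PR 51878, per the CHANGES entry) and that dependency would keep a later edit at either site from silently undoing the fix. The "break" also means that range specs following '0-' in the header are no longer examined, so it is worth confirming that skipping them, including any that would otherwise be rejected, is intended.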
@@ -526,9 +540,9 @@ static int ap_set_byterange(request_rec
/* If all ranges are unsatisfiable, we should return 416 */
return -1;
}
- if (sum_lengths >= clength) {
+ if (sum_lengths > clength) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
- "Sum of ranges not smaller than file, ignoring.");
+ "Sum of ranges larger than file, ignoring.");
return 0;
}
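Review bot: Relaxing the test from "sum_lengths >= clength" to "sum_lengths > clength" affects more than the '0-' case: any set of ranges whose lengths add up to exactly clength now proceeds to range processing instead of returning 0 here. Given that this code is the CVE-2011-3192 mitigation, a comment stating that the equal case is deliberately allowed, or an additional condition on num_ranges if only the single '0-' range is meant to pass, would make the intent explicit.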
Re: svn commit: r1177080 - in /httpd/httpd/branches/2.2.x: CHANGES
STATUS modules/http/byterange_filter.c
Posted by Rainer Jung <ra...@kippdata.de>.
On 29.09.2011 00:38, William A. Rowe Jr. wrote:
> On 9/28/2011 4:48 PM, sf@apache.org wrote:
>> -*- coding: utf-8 -*-
>> Changes with Apache 2.2.22
>>
>> -
>> + *) Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20:
>> + A range of '0-' returns a 206. PR 51878. [Jim Jagielski]
>
> s/returns/will now return/ ?
Clarified in r1177181.
Rainer
Re: svn commit: r1177080 - in /httpd/httpd/branches/2.2.x: CHANGES
STATUS modules/http/byterange_filter.c
Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On 9/28/2011 4:48 PM, sf@apache.org wrote:
> -*- coding: utf-8 -*-
> Changes with Apache 2.2.22
>
> -
> + *) Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20:
> + A range of '0-' returns a 206. PR 51878. [Jim Jagielski]
s/returns/will now return/ ?