Posted to cvs@httpd.apache.org by sf...@apache.org on 2011/09/28 23:48:46 UTC

svn commit: r1177080 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS modules/http/byterange_filter.c

Author: sf
Date: Wed Sep 28 21:48:45 2011
New Revision: 1177080

URL: http://svn.apache.org/viewvc?rev=1177080&view=rev
Log:
Backport r1175980, r1175992:

    byterange: Range of '0-' returns 206

Submitted by: Jim Jagielski
Reviewed by: jim, rpluem, rjung, sf

Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1177080&r1=1177079&r2=1177080&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Wed Sep 28 21:48:45 2011
@@ -1,7 +1,8 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.22
 
-
+ *) Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20:
+    A range of '0-' returns a 206. PR 51878. [Jim Jagielski]
 
 Changes with Apache 2.2.21
 
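Review bot: the second line of the new entry, "A range of '0-' returns a 206", can be read as a description of the regression rather than of the corrected behaviour, because it follows "Fix a regression ..." without saying which side of the fix it refers to. Suggest making the direction explicit, for example "A range of '0-' now returns a 206".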

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1177080&r1=1177079&r2=1177080&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Wed Sep 28 21:48:45 2011
@@ -94,13 +94,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  * byterange: Range of '0-' returns 206.
-    Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1175980
-                 http://svn.apache.org/viewvc?view=revision&revision=1175992
-    2.2.x patch: http://people.apache.org/~jim/patches/2.2-byterange0-.txt
-    +1: jim, rpluem, rjung, sf
-    sf says: please also mention PR 51878 in CHANGES
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 

Modified: httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c?rev=1177080&r1=1177079&r2=1177080&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c (original)
+++ httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c Wed Sep 28 21:48:45 2011
@@ -500,6 +500,20 @@ static int ap_set_byterange(request_rec 
             }
             else {                  /* "5-" */
                 end = clength - 1;
+                /*
+                 * special case: 0-
+                 *   ignore all other ranges provided
+                 *   return as a single range: 0-
+                 */
+                if (start == 0) {
+                    apr_array_clear(*indexes);
+                    idx = (indexes_t *)apr_array_push(*indexes);
+                    idx->start = start;
+                    idx->end = end;
+                    sum_lengths = clength;
+                    num_ranges = 1;
+                    break;
+                }
             }
         }
 
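Review bot: in the new "if (start == 0)" branch, the "break" stops processing as soon as a "0-" spec is seen, so any range specs that follow it in the header are never examined, whether they are valid or not. If a malformed spec after "0-" should still cause the whole Range header to be rejected or ignored, the collapse to a single range has to happen after all specs have been parsed rather than by breaking out early; if skipping them is intended, the comment should say that trailing specs are deliberately left unparsed. Separately, "end = clength - 1" is stored into idx->end with no visible check that clength is non-zero, so confirm that is guaranteed before this point.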
@@ -526,9 +540,9 @@ static int ap_set_byterange(request_rec 
         /* If all ranges are unsatisfiable, we should return 416 */
         return -1;
     }
-    if (sum_lengths >= clength) {
+    if (sum_lengths > clength) {
         ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                      "Sum of ranges not smaller than file, ignoring.");
+                      "Sum of ranges larger than file, ignoring.");
         return 0;
     }
 
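Review bot: changing ">=" to ">" in the sum_lengths check relaxes it for every request, not only for the '0-' special case that sets "sum_lengths = clength": any combination of ranges whose lengths add up to exactly clength is now served as ranges instead of being ignored. If only the single full-entity range is meant to pass, keep ">=" and exempt that case explicitly (for example by also testing num_ranges == 1); otherwise add a short comment stating that an exact match is intentionally allowed, since this check is part of the CVE-2011-3192 hardening named in CHANGES.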



Re: svn commit: r1177080 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS modules/http/byterange_filter.c

Posted by Rainer Jung <ra...@kippdata.de>.
On 29.09.2011 00:38, William A. Rowe Jr. wrote:
> On 9/28/2011 4:48 PM, sf@apache.org wrote:
>>                                                           -*- coding: utf-8 -*-
>>  Changes with Apache 2.2.22
>>  
>> -
>> + *) Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20:
>> +    A range of '0-' returns a 206. PR 51878. [Jim Jagielski]
> 
> s/returns/will now return/ ?

Clarified in r1177181.

Rainer


Re: svn commit: r1177080 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS modules/http/byterange_filter.c

Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On 9/28/2011 4:48 PM, sf@apache.org wrote:
>                                                           -*- coding: utf-8 -*-
>  Changes with Apache 2.2.22
>  
> -
> + *) Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20:
> +    A range of '0-' returns a 206. PR 51878. [Jim Jagielski]

s/returns/will now return/ ?