------------------------------------------------------------ revno: 11828 revision-id: squid3@treenet.co.nz-20140827143622-aj6y1q5khr7txsa7 parent: squid3@treenet.co.nz-20130713132208-e91nzzf0usz2ytp6 committer: Amos Jeffries branch nick: 3.2 timestamp: Wed 2014-08-27 08:36:22 -0600 message: Ignore Range headers with unidentifiable byte-range values If squid is unable to determine the byte value for ranges, treat the header as invalid. ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20140827143622-aj6y1q5khr7txsa7 # target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ # /SQUID_3_2 # testament_sha1: befb9d196a5292711a18d9503d5c50a60f1fa66a # timestamp: 2014-08-27 14:36:44 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ # /SQUID_3_2 # base_revision_id: squid3@treenet.co.nz-20130713132208-\ # e91nzzf0usz2ytp6 # # Begin patch === modified file 'src/HttpHdrRange.cc' --- src/HttpHdrRange.cc 2012-07-28 05:38:50 +0000 +++ src/HttpHdrRange.cc 2014-08-27 14:36:22 +0000 @@ -93,7 +93,7 @@ /* is it a suffix-byte-range-spec ? */ if (*field == '-') { - if (!httpHeaderParseOffset(field + 1, &length)) + if (!httpHeaderParseOffset(field + 1, &length) || !known_spec(length)) return false; } else /* must have a '-' somewhere in _this_ field */ @@ -101,7 +101,7 @@ debugs(64, 2, "invalid (missing '-') range-spec near: '" << field << "'"); return false; } else { - if (!httpHeaderParseOffset(field, &offset)) + if (!httpHeaderParseOffset(field, &offset) || !known_spec(offset)) return false; ++p; @@ -110,7 +110,7 @@ if (p - field < flen) { int64_t last_pos; - if (!httpHeaderParseOffset(p, &last_pos)) + if (!httpHeaderParseOffset(p, &last_pos) || !known_spec(last_pos)) return false; // RFC 2616 s14.35.1 MUST: last-byte-pos >= first-byte-pos