use new apr_strtoff function to parse PUT ranges correctly.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103762 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/dav/main/mod_dav.c b/modules/dav/main/mod_dav.c
index 0c0886d8fb10bfafe9a535d742511edb0f7ca760..38d67b0bf59d72129bc0e22bd9719ee4f207805b 100644 (file)
--- a/modules/dav/main/mod_dav.c
+++ b/modules/dav/main/mod_dav.c
@@ -767,6 +767,7 @@ static int dav_parse_range(request_rec *r,
     char *range;
     char *dash;
     char *slash;
+    char *errp;
 
     range_c = apr_table_get(r->headers_in, "content-range");
     if (range_c == NULL)
@@ -780,17 +781,28 @@ static int dav_parse_range(request_rec *r,
         return 0;
     }
 
-    *dash = *slash = '\0';
+    *dash++ = *slash++ = '\0';
 
-    *range_start = apr_atoi64(range + 6);
-    *range_end = apr_atoi64(dash + 1);
+    /* ignore invalid ranges. (per S14.16 of RFC2616) */
+    if (apr_strtoff(range_start, range + 6, &errp, 10)
+        || *errp || *range_start < 0) {
+        return 0;
+    }
 
-    if (*range_end < *range_start
-        || (slash[1] != '*' && apr_atoi64(slash + 1) <= *range_end)) {
-        /* invalid range. ignore it (per S14.16 of RFC2616) */
+    if (apr_strtoff(range_end, dash, &errp, 10)
+        || *errp || *range_end < 0 || *range_end < *range_start) {
         return 0;
     }
 
+    if (*slash != '*') {
+        apr_off_t dummy;
+
+        if (apr_strtoff(&dummy, slash, &errp, 10)
+            || *errp || dummy <= *range_end) {
+            return 0;
+        }
+    }
+
     /* we now have a valid range */
     return 1;
 }