Changelog
+Daniel S (22 April 2007)
+- Song Ma's warning if -r/--range is given with a "bad" range, also noted in
+ the man page now.
+
+- Daniel Black filed bug #1705177
+ (http://curl.haxx.se/bug/view.cgi?id=1705177) where --without-ssl
+ --with-gnutl outputs a warning about SSL not being enabled even though GnuTLS
+ was found and used.
+
Daniel S (21 April 2007)
- Daniel Black filed bug #1704675
(http://curl.haxx.se/bug/view.cgi?id=1704675) identifying a double-free
(*) = NOTE that this will cause the server to reply with a multipart
response!
+Only digit characters (0-9) are valid in 'start' and 'stop' of range syntax
+\&'start-stop'. If a non-digit character is given in the range, the server's
+response will be unexpectable, depending on different server's configuration.
+
You should also be aware that many HTTP/1.1 servers do not have this feature
enabled, so that when you attempt to get a range, you'll instead get the whole
document.
(and won't actually be range by definition). The man page previously
claimed that to be a good way, why this code is added to work-around
it. */
- if(!strchr(nextarg, '-')) {
+ if(ISDIGIT(*nextarg) && !strchr(nextarg, '-')) {
char buffer[32];
curl_off_t off;
warnf(config,
snprintf(buffer, sizeof(buffer), "%Od-", off);
GetStr(&config->range, buffer);
}
- else
+ {
+ /* byte range requested */
+ char* tmp_range;
+ tmp_range=nextarg;
+ while(*tmp_range != '\0') {
+ if(!ISDIGIT(*tmp_range)&&*tmp_range!='-'&&*tmp_range!=',') {
+ warnf(config,"Invalid character is found in given range. "
+ "A specified range MUST have only digits in "
+ "\'start\'-\'stop\'. The server's response to this "
+ "request is uncertain.\n");
+ break;
+ }
+ tmp_range++;
+ }
/* byte range requested */
GetStr(&config->range, nextarg);
-
+ }
break;
case 'R':
/* use remote file's time */
projects / curl / commitdiff