From: Stefan Fritsch Date: Sat, 27 Aug 2011 12:31:06 +0000 (+0000) Subject: If the sum of all ranges in a request is not smaller than the file, fall back X-Git-Tag: 2.3.15~337 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4b2bb2573e814de58847c9247f9d7afc6123b6f6;p=apache If the sum of all ranges in a request is not smaller than the file, fall back to 200. This takes care of potential DoS issues from ranges like 0-100,1000-,0-100,1000-,... git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1162331 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/modules/http/byterange_filter.c b/modules/http/byterange_filter.c
index dc9092f1cc..359f870d3f 100644
--- a/modules/http/byterange_filter.c
+++ b/modules/http/byterange_filter.c
@@ -420,7 +420,7 @@ static int ap_set_byterange(request_rec *r, apr_off_t clength,
 char *cur, **new;
 apr_array_header_t *merged;
 int num_ranges = 0;
- apr_off_t ostart = 0, oend = 0;
+ apr_off_t ostart = 0, oend = 0, sum_lenghts = 0;
 int in_merge = 0;
 indexes_t *idx;
 int overlaps = 0, reversals = 0;
@@ -560,6 +560,7 @@ static int ap_set_byterange(request_rec *r, apr_off_t clength,
 idx = (indexes_t *)apr_array_push(indexes);
 idx->start = ostart;
 idx->end = oend;
+ sum_lenghts += oend - ostart + 1;
 /* new set again */
 in_merge = 1;
 ostart = start;
@@ -575,8 +576,14 @@ static int ap_set_byterange(request_rec *r, apr_off_t clength,
 idx = (indexes_t *)apr_array_push(indexes);
 idx->start = ostart;
 idx->end = oend;
+ sum_lenghts += oend - ostart + 1;
 num_ranges++;
 }
+ if (sum_lenghts >= clength) {
+ ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
+ "Sum of ranges not smaller than file, ignoring.");
+ return 0;
+ }
 r->status = HTTP_PARTIAL_CONTENT;
 r->range = apr_array_pstrcat(r->pool, merged, ',');
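Review bot: The new accumulator is spelled `sum_lenghts` in the declaration, and that spelling is carried into both `+=` sites and the final comparison in the two later hunks. Renaming it to `sum_lengths` now (`apr_off_t ostart = 0, oend = 0, sum_lengths = 0;`) keeps the misspelling out of later patches and searches. Since the variable drives a DoS safeguard, a one-line comment at the declaration such as `/* total bytes covered by the merged ranges; compared with clength below */` would tell the next reader why it exists. The body of ap_set_byterange starts and ends outside this hunk.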
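Review bot: `sum_lenghts` is a signed `apr_off_t` that grows by `oend - ostart + 1` for every stored range here and again in the next hunk, but it is compared with `clength` only once, after all ranges have been processed. With many near-full ranges on a very large file the total could in principle overflow, which is undefined for a signed type and could leave the sum below `clength` so the fallback is skipped. Adding only while the threshold has not yet been crossed, `if (sum_lenghts <= clength) sum_lenghts += oend - ostart + 1;`, keeps the total to at most about twice the file size, assuming each stored range is already clamped to the file (not visible in the hunk). The enclosing block starts and ends outside this hunk.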
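Review bot: The `>=` in `if (sum_lenghts >= clength)` also catches a single range that covers the whole file. For a request such as `bytes=0-` the one stored range would add exactly `clength` (assuming `oend` is clamped to `clength - 1`, which happens outside the hunk), so the function returns 0 and, going by the commit message, the response falls back to 200 instead of 206. Clients that probe for range support this way would conclude it is unsupported, whereas the repeated-range pattern named in the commit message typically sums to well over the file size. `if (sum_lenghts > clength) {` keeps the DoS fallback and leaves the single full-range case alone; the log text would then read `"Sum of ranges larger than file, ignoring."`.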