1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-23 08:38:49 -05:00

Curl_range: add check to ensure "from <= to"

This commit is contained in:
Max Dymond 2018-01-29 10:12:40 +00:00 committed by Daniel Stenberg
parent e04417d98f
commit 3f8a727611
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2

View File

@ -36,7 +36,6 @@
CURLcode Curl_range(struct connectdata *conn) CURLcode Curl_range(struct connectdata *conn)
{ {
curl_off_t from, to; curl_off_t from, to;
curl_off_t totalsize = -1;
char *ptr; char *ptr;
char *ptr2; char *ptr2;
struct Curl_easy *data = conn->data; struct Curl_easy *data = conn->data;
@ -67,10 +66,16 @@ CURLcode Curl_range(struct connectdata *conn)
} }
else { else {
/* X-Y */ /* X-Y */
totalsize = to-from; curl_off_t totalsize;
if(totalsize == CURL_OFF_T_MAX)
/* this is too big to increase, so bail out */ /* Ensure the range is sensible - to should follow from. */
if(from > to)
return CURLE_RANGE_ERROR; return CURLE_RANGE_ERROR;
totalsize = to - from;
if(totalsize == CURL_OFF_T_MAX)
return CURLE_RANGE_ERROR;
data->req.maxdownload = totalsize + 1; /* include last byte */ data->req.maxdownload = totalsize + 1; /* include last byte */
data->state.resume_from = from; data->state.resume_from = from;
DEBUGF(infof(data, "RANGE from %" CURL_FORMAT_CURL_OFF_T DEBUGF(infof(data, "RANGE from %" CURL_FORMAT_CURL_OFF_T