From a93af43974c02c675443e285fa9d9710b2f0a7c9 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sun, 22 Apr 2007 09:31:27 +0000 Subject: [PATCH] - Song Ma's warning if -r/--range is given with a "bad" range, also noted in the man page now. --- CHANGES | 9 +++++++++ docs/curl.1 | 4 ++++ src/main.c | 19 ++++++++++++++++--- 3 files changed, 29 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 3ccb69909..a22131418 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,15 @@ Changelog +Daniel S (22 April 2007) +- Song Ma's warning if -r/--range is given with a "bad" range, also noted in + the man page now. + +- Daniel Black filed bug #1705177 + (http://curl.haxx.se/bug/view.cgi?id=1705177) where --without-ssl + --with-gnutl outputs a warning about SSL not being enabled even though GnuTLS + was found and used. + Daniel S (21 April 2007) - Daniel Black filed bug #1704675 (http://curl.haxx.se/bug/view.cgi?id=1704675) identifying a double-free diff --git a/docs/curl.1 b/docs/curl.1 index dd5d1d758..a4bc9f00e 100644 --- a/docs/curl.1 +++ b/docs/curl.1 @@ -941,6 +941,10 @@ specifies two separate 100 bytes ranges(*)(H) (*) = NOTE that this will cause the server to reply with a multipart response! +Only digit characters (0-9) are valid in 'start' and 'stop' of range syntax +\&'start-stop'. If a non-digit character is given in the range, the server's +response will be unexpectable, depending on different server's configuration. + You should also be aware that many HTTP/1.1 servers do not have this feature enabled, so that when you attempt to get a range, you'll instead get the whole document. diff --git a/src/main.c b/src/main.c index 55d1d0adf..229eb8dc8 100644 --- a/src/main.c +++ b/src/main.c @@ -2350,7 +2350,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */ (and won't actually be range by definition). The man page previously claimed that to be a good way, why this code is added to work-around it. */ - if(!strchr(nextarg, '-')) { + if(ISDIGIT(*nextarg) && !strchr(nextarg, '-')) { char buffer[32]; curl_off_t off; warnf(config, @@ -2360,10 +2360,23 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */ snprintf(buffer, sizeof(buffer), "%Od-", off); GetStr(&config->range, buffer); } - else + { + /* byte range requested */ + char* tmp_range; + tmp_range=nextarg; + while(*tmp_range != '\0') { + if(!ISDIGIT(*tmp_range)&&*tmp_range!='-'&&*tmp_range!=',') { + warnf(config,"Invalid character is found in given range. " + "A specified range MUST have only digits in " + "\'start\'-\'stop\'. The server's response to this " + "request is uncertain.\n"); + break; + } + tmp_range++; + } /* byte range requested */ GetStr(&config->range, nextarg); - + } break; case 'R': /* use remote file's time */