From a93af43974c02c675443e285fa9d9710b2f0a7c9 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 22 Apr 2007 09:31:27 +0000
Subject: [PATCH] - Song Ma's warning if -r/--range is given with a "bad"
 range, also noted in   the man page now.

---
 CHANGES     |  9 +++++++++
 docs/curl.1 |  4 ++++
 src/main.c  | 19 ++++++++++++++++---
 3 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/CHANGES b/CHANGES
index 3ccb69909..a22131418 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,15 @@
 
                                   Changelog
 
+Daniel S (22 April 2007)
+- Song Ma's warning if -r/--range is given with a "bad" range, also noted in
+  the man page now.
+
+- Daniel Black filed bug #1705177
+  (http://curl.haxx.se/bug/view.cgi?id=1705177) where --without-ssl
+  --with-gnutl outputs a warning about SSL not being enabled even though GnuTLS
+  was found and used.
+
 Daniel S (21 April 2007)
 - Daniel Black filed bug #1704675
   (http://curl.haxx.se/bug/view.cgi?id=1704675) identifying a double-free
diff --git a/docs/curl.1 b/docs/curl.1
index dd5d1d758..a4bc9f00e 100644
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -941,6 +941,10 @@ specifies two separate 100 bytes ranges(*)(H)
 (*) = NOTE that this will cause the server to reply with a multipart
 response!
 
+Only digit characters (0-9) are valid in 'start' and 'stop' of range syntax
+\&'start-stop'. If a non-digit character is given in the range, the server's
+response will be unexpectable, depending on different server's configuration.
+
 You should also be aware that many HTTP/1.1 servers do not have this feature
 enabled, so that when you attempt to get a range, you'll instead get the whole
 document.
diff --git a/src/main.c b/src/main.c
index 55d1d0adf..229eb8dc8 100644
--- a/src/main.c
+++ b/src/main.c
@@ -2350,7 +2350,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
          (and won't actually be range by definition). The man page previously
          claimed that to be a good way, why this code is added to work-around
          it. */
-      if(!strchr(nextarg, '-')) {
+      if(ISDIGIT(*nextarg) && !strchr(nextarg, '-')) {
         char buffer[32];
         curl_off_t off;
         warnf(config,
@@ -2360,10 +2360,23 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
         snprintf(buffer, sizeof(buffer), "%Od-", off);
         GetStr(&config->range, buffer);
       }
-      else
+      {
+        /* byte range requested */
+        char* tmp_range;
+        tmp_range=nextarg;
+        while(*tmp_range != '\0') {
+          if(!ISDIGIT(*tmp_range)&&*tmp_range!='-'&&*tmp_range!=',') {
+            warnf(config,"Invalid character is found in given range. "
+                  "A specified range MUST have only digits in "
+                  "\'start\'-\'stop\'. The server's response to this "
+                  "request is uncertain.\n");
+            break;
+          }
+          tmp_range++;
+        }
         /* byte range requested */
         GetStr(&config->range, nextarg);
-
+      }
       break;
     case 'R':
       /* use remote file's time */