Compliance: Improved HTTP Range header field validation.

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Sun, 01 Aug 2010 15:04:56 -0600

Compliance: Improved HTTP Range header field validation.

1) Improve HttpHdrRangeSpec::parseInit() to parse syntactically valid
range specs:

* Suffix ranges with 0 length (i.e. -0), are syntactically valid.

* Check that last-byte-pos is greater than or equal to first-byte-pos.

After the change, HttpHdrRangeSpec::parseInit() successfully parses
suffix ranges with 0 length. They were rejected before. RFC 2616 section
14.35.1 says such range specs are syntactically valid but unsatisfiable.
Thus, we should ignore the range spec itself, but not the whole range
header. These range specs will be rejected later, during canonization.

2) In HttpHdrRangeSpec::parseInit(), ignore the whole range header if
one of range specs is syntactically invalid (i.e. range spec parsing fails).

Co-Advisor test case: test_clause/rfc2616/invalidRange

Please review.

Thank you,

Alex.

Received on Sun Aug 01 2010 - 21:05:05 MDT

This archive was generated by hypermail 2.2.0 : Mon Aug 02 2010 - 12:00:11 MDT