Re: Compliance: Improved HTTP Range header field validation.

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 02 Aug 2010 00:20:41 +0000

On Sun, 01 Aug 2010 15:04:56 -0600, Alex Rousskov
<rousskov_at_measurement-factory.com> wrote:
> Compliance: Improved HTTP Range header field validation.
>
> 1) Improve HttpHdrRangeSpec::parseInit() to parse syntactically valid
> range specs:
>
> * Suffix ranges with 0 length (i.e. -0) are syntactically valid.
>
> * Check that last-byte-pos is greater than or equal to first-byte-pos.
>
> After the change, HttpHdrRangeSpec::parseInit() successfully parses
> suffix ranges with 0 length. They were rejected before. RFC 2616 section
> 14.35.1 says such range specs are syntactically valid but unsatisfiable.
> Thus, we should ignore the range spec itself, but not the whole range
> header. These range specs will be rejected later, during canonization.
>
>
> 2) In HttpHdrRangeSpec::parseInit(), ignore the whole range header if
> one of the range specs is syntactically invalid (i.e. range spec parsing
> fails).
>
> Co-Advisor test case: test_clause/rfc2616/invalidRange
>
>
> Please review.
>
> Thank you,
>
> Alex.

+1.

Amos
Received on Mon Aug 02 2010 - 00:20:45 MDT
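
The validation rules described in the quoted commit message, as an added C++ example that is not Squid's HttpHdrRangeSpec code and not part of the original thread. The names RangeSpec, parseNum, parseSpec and parseRange are hypothetical; the example assumes no whitespace or empty elements in the list, and folds the later canonization-time rejection of "-0" into the same function.

```cpp
#include <cctype>
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical type for this example: -1 marks an absent field.
struct RangeSpec { int64_t first = -1, last = -1, suffixLen = -1; };

// Read 1*DIGIT at s[i]; fails when no digit is present or the value overflows.
static bool parseNum(const std::string &s, size_t &i, int64_t &out) {
    if (i >= s.size() || !std::isdigit((unsigned char)s[i])) return false;
    for (out = 0; i < s.size() && std::isdigit((unsigned char)s[i]); ++i) {
        if (out > (INT64_MAX - 9) / 10) return false;
        out = out * 10 + (s[i] - '0');
    }
    return true;
}

// Syntax check for a single byte-range-spec.
static bool parseSpec(const std::string &s, RangeSpec &r) {
    size_t i = 0;
    if (!s.empty() && s[0] == '-')       // suffix form "-N"; "-0" is valid syntax
        return parseNum(s, ++i, r.suffixLen) && i == s.size();
    if (!parseNum(s, i, r.first) || i >= s.size() || s[i++] != '-') return false;
    if (i == s.size()) return true;      // open-ended "N-"
    if (!parseNum(s, i, r.last) || i != s.size()) return false;
    return r.last >= r.first;            // last-byte-pos below first-byte-pos is invalid
}

// Returns false when the whole Range header must be ignored.
// On success, out holds the specs that survive; "-0" specs are dropped.
bool parseRange(const std::string &hdr, std::vector<RangeSpec> &out) {
    const std::string unit = "bytes=";
    out.clear();
    if (hdr.compare(0, unit.size(), unit) != 0) return false;
    for (size_t pos = unit.size(); pos <= hdr.size(); ) {
        size_t comma = hdr.find(',', pos);
        if (comma == std::string::npos) comma = hdr.size();
        RangeSpec spec;
        if (!parseSpec(hdr.substr(pos, comma - pos), spec)) {
            out.clear();
            return false;                // one invalid spec voids the whole header
        }
        if (spec.suffixLen != 0) out.push_back(spec);  // unsatisfiable "-0": skip spec only
        pos = comma + 1;
    }
    return true;
}
```
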
