Bug 51748 - Apache 2.2.20 Range fix regression. Negative value handling
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: All
Version: 2.5-HEAD
Hardware: All All
Importance: P2 normal
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: FixedInTrunk
Depends on:
Blocks:
 
Reported: 2011-09-01 06:48 UTC by low_priority
Modified: 2014-02-17 13:52 UTC
Description low_priority 2011-09-01 06:48:01 UTC
I think the version 2.2.19 behavior is correct.
See RFC 2616 section 14.35.1 "Byte Ranges".


Request and response samples in each version.
===== version 2.2.20
GET / HTTP/1.1
Host: localhost
Range: bytes=-1

HTTP/1.1 206 Partial Content
Server: Apache/2.2.20 (Unix)
Accept-Ranges: bytes
Content-Length: 2
Content-Range: bytes 0-1/10240
Content-Type: text/html

===== version 2.2.19
GET / HTTP/1.1
Host: localhost
Range: bytes=-1

HTTP/1.1 206 Partial Content
Server: Apache/2.2.19 (Unix)
Accept-Ranges: bytes
Content-Length: 1
Content-Range: bytes 10239-10239/10240
Content-Type: text/html
=====


Fix patch for version 2.2.20 release.
=====
diff -Nur httpd-2.2.20-orig/modules/http/byterange_filter.c httpd-2.2.20/modules/http/byterange_filter.c
--- httpd-2.2.20-orig/modules/http/byterange_filter.c   2011-08-30 00:59:39.000000000 +0900
+++ httpd-2.2.20/modules/http/byterange_filter.c        2011-09-01 15:05:44.000000000 +0900
@@ -501,7 +501,7 @@
             break;
         }

-        if (dash == range) {
+        if (dash == cur) {
             /* In the form "-5" */
             if (apr_strtoff(&number, dash+1, &errp, 10) || *errp) {
                 break;
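Review bot: In the `dash == cur` branch, `dash+1` goes straight into `apr_strtoff`, and the visible context only rejects a conversion error or trailing characters (`*errp`). `apr_strtoff` follows strtol conventions, which accept a leading sign or whitespace, so it is worth confirming that the code after this hunk rejects a zero or negative `number`, or checking that `dash[1]` is a digit before converting. A regression test for `Range: bytes=-1` expecting `Content-Range: bytes 10239-10239/10240`, as in the 2.2.19 sample above, would keep this comparison from regressing again.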
=====
Comment 1 Ruediger Pluem 2011-09-01 10:26:32 UTC
You are correct. Fixed in trunk as r1163985.
Comment 2 Tomas Hoger 2011-09-13 12:52:07 UTC
There is one special case here: -0

RFC does not define that case as syntactically invalid.  My reading is that it's considered valid but unsatisfiable (If a syntactically valid byte-range-set includes ... at least one suffix-byte-range-spec with a non-zero suffix-length, then the byte-range-set is satisfiable.).

The latest httpd behaviour is to handle that as invalid, hence ignore Range header and return 200.  That's quite reasonable, given that -0 is not any better than invalid 10-9.  Just noting here so it can be decided if it should stay as is or be changed to be more rfc-compliant.  Required change seems trivial (allowing number >= 0).

And maybe I'm just reading the RFC wrong.
Comment 3 Stefan Fritsch 2011-09-17 15:22:17 UTC
Fixed in 2.2.21
Comment 4 Tomas Hoger 2011-11-14 13:04:18 UTC
Regarding comment #2, I wonder if it's been overlooked, or whatever the behaviour (invalid vs. unsatisfiable) is for the meaningless case is considered fine.  Should I file a separate bug for it?  Thanks!
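
The range semantics discussed in the description and in comments 2 and 4, as an added example that is not part of the thread and is not httpd's code: a single-spec resolver following RFC 2616 section 14.35.1, with `-0` treated as valid but unsatisfiable per the reading in comment 2. The names `resolve_range` and `parse_digits` are hypothetical, and a non-empty entity is assumed.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

enum range_result { RANGE_OK, RANGE_INVALID, RANGE_UNSATISFIABLE };

/* Parse a run of digits only; strtoll alone would also accept a sign or
 * leading whitespace. Returns 0 on success and sets *end past the digits. */
static int parse_digits(const char *s, long long *out, const char **end)
{
    char *e;
    if (!isdigit((unsigned char)*s)) return -1;
    errno = 0;
    *out = strtoll(s, &e, 10);
    if (errno == ERANGE) return -1;
    *end = e;
    return 0;
}

/* Resolve one byte-range-spec (e.g. "-1", "0-499", "9500-") against an
 * entity of len bytes (assumption: len > 0). */
enum range_result resolve_range(const char *spec, long long len,
                                long long *first, long long *last)
{
    const char *dash = strchr(spec, '-'), *end;
    long long n;
    if (dash == NULL) return RANGE_INVALID;
    if (dash == spec) {                            /* suffix form "-N" */
        if (parse_digits(dash + 1, &n, &end) || *end) return RANGE_INVALID;
        if (n == 0) return RANGE_UNSATISFIABLE;    /* "-0": valid syntax, no bytes */
        *first = n >= len ? 0 : len - n;           /* last N bytes, clamped */
        *last = len - 1;
        return RANGE_OK;
    }
    if (parse_digits(spec, first, &end) || end != dash) return RANGE_INVALID;
    if (dash[1] == '\0') {
        *last = len - 1;                           /* "N-": to end of entity */
    } else {
        if (parse_digits(dash + 1, last, &end) || *end) return RANGE_INVALID;
        if (*last < *first) return RANGE_INVALID;  /* e.g. "10-9" */
        if (*last >= len) *last = len - 1;
    }
    return *first < len ? RANGE_OK : RANGE_UNSATISFIABLE;
}
```

With the 10240-byte entity from the description, `-1` resolves to 10239-10239, matching the 2.2.19 response.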