Range-Bug
- From: Kai Lüke <kailueke riseup net>
- To: libsoup-list gnome org
- Subject: Range-Bug
- Date: Wed, 31 Jul 2013 20:28:50 +0200
Hello,
because bugzilla.gnome.org doesn't load for me rightnow, I will post it
here.
While I'm happy that libsoup handles range requests automatically, I
found out that invalid range requests lead to an integer overflow in
Content-Lenght.
Reproduce:
printf "GET / HTTP/1.0\r\n\r\n" |nc localhost 8000
printf "GET / HTTP/1.0\r\nRange: bytes=0-\r\n\r\n" |nc localhost 8000
printf "GET / HTTP/1.0\r\nRange: bytes=4-\r\n\r\n" |nc localhost 8000
printf "GET / HTTP/1.0\r\nRange: bytes=5-\r\n\r\n" |nc localhost 8000
printf "GET / HTTP/1.0\r\nRange: bytes=6-\r\n\r\n" |nc localhost 8000
printf "GET / HTTP/1.0\r\nRange: bytes=7-\r\n\r\n" |nc localhost 8000
On this small server:
#!/usr/bin/env python3
from gi.repository import Soup, GObject
import signal
def w(server, msg, path, query, clientContext, userdata):
msg.set_status(200)
msg.set_response("text/html", Soup.MemoryUse.COPY,"hallo".encode())
g = Soup.Server(port=8000)
g.add_handler("", w, None)
signal.signal(signal.SIGINT, signal.SIG_DFL)
g.run()
Leads to these answers:
HTTP/1.0 200 OK
Server: libsoup/2.42.2
Date: Tue, 30 Jul 2013 16:40:36 GMT
Content-Type: text/html
Content-Length: 5
hallo
---
HTTP/1.0 206 Partial Content
Server: libsoup/2.42.2
Date: Tue, 30 Jul 2013 16:40:36 GMT
Content-Type: text/html
Content-Range: bytes 0-4/5
Content-Length: 5
hallo
---
HTTP/1.0 206 Partial Content
Server: libsoup/2.42.2
Date: Tue, 30 Jul 2013 16:40:36 GMT
Content-Type: text/html
Content-Range: bytes 4-4/5
Content-Length: 1
o
---
HTTP/1.0 206 Partial Content
Server: libsoup/2.42.2
Date: Tue, 30 Jul 2013 16:40:36 GMT
Content-Type: text/html
Content-Range: bytes 5-4/5
Content-Length: 0
---
HTTP/1.0 206 Partial Content
Server: libsoup/2.42.2
Date: Tue, 30 Jul 2013 16:40:36 GMT
Content-Type: text/html
Content-Range: bytes 6-4/5
Content-Length: 18446744073709551615
---
HTTP/1.0 206 Partial Content
Server: libsoup/2.42.2
Date: Tue, 30 Jul 2013 16:40:36 GMT
Content-Type: text/html
Content-Range: bytes 7-4/5
Content-Length: 18446744073709551614
And some two assertions failing:
(process:31829): libsoup-CRITICAL **: soup_message_body_append_buffer:
assertion `buffer->length > 0' failed
(process:31829): libsoup-CRITICAL **: soup_message_body_append_buffer:
assertion `buffer->length > 0' failed
Of course the response behavior for unnormal requests is not easy to
discuss, but at least Content-Lenght and Content-Range are somehow wrong.
Thanks for reading,
Kai
[
Date Prev][
Date Next] [
Thread Prev][Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]