prosody
d5360307a99d
plugins/mod_http_file_share.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

plugins/mod_http_file_share.lua @ 11568:d5360307a99d

mod_http_file_share: Handle out of bounds Range request Turns out you can seek past the end of the file without getting an error. Also rejects empty range instead of sending the whole file.
author Kim Alvefur <zash@zash.se>
date Mon, 17 May 2021 14:14:25 +0200
parent 11564:60e31c9ece57
child 11594:19aac4247b03
comparison
equal deleted inserted replaced
11567:c471e19a238e 11568:d5360307a99d
359 local request_range = request.headers.range; 359 local request_range = request.headers.range;
360 local response_range; 360 local response_range;
361 if request_range then 361 if request_range then
362 local range_start, range_end = request_range:match("^bytes=(%d+)%-(%d*)$") 362 local range_start, range_end = request_range:match("^bytes=(%d+)%-(%d*)$")
363 -- Only support resumption, ie ranges from somewhere in the middle until the end of the file. 363 -- Only support resumption, ie ranges from somewhere in the middle until the end of the file.
364 if (range_start and range_start ~= "0" and range_start ~= filesize) and (range_end == "" or range_end == filesize) then 364 if (range_start and range_start ~= "0") and (range_end == "" or range_end == filesize) then
365 if handle:seek("set", tonumber(range_start)) then 365 local pos, size = tonumber(range_start), tonumber(filesize);
366 local new_pos = pos < size and handle:seek("set", pos);
367 if new_pos and new_pos < size then
366 response_range = "bytes "..range_start.."-"..filesize.."/"..filesize; 368 response_range = "bytes "..range_start.."-"..filesize.."/"..filesize;
367 filesize = string.format("%d", tonumber(filesize)-tonumber(range_start)); 369 filesize = string.format("%d", size-pos);
370 else
371 handle:close();
372 return 416;
368 end 373 end
369 end 374 end
370 end 375 end
371 376
372 377