From 5fd8dd3c36acbdcdc8b551954e4e6d05b997bc52 Mon Sep 17 00:00:00 2001 From: kelson42 Date: Wed, 8 Nov 2017 19:27:51 +0100 Subject: [PATCH] Fix HTTP request byte range handling #91 --- src/server/kiwix-serve.cpp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/server/kiwix-serve.cpp b/src/server/kiwix-serve.cpp index dc0a892..a03e5fe 100644 --- a/src/server/kiwix-serve.cpp +++ b/src/server/kiwix-serve.cpp @@ -676,9 +676,12 @@ static int accessHandlerCallback(void* cls, int range_start = 0; int range_end = -1; if (acceptRangeHeaderValue != NULL) { + // [FIXME] This part is sub-optimal and potentially prone to fail + // because we don't check the string length before using substr + // The `range.length() >= 6` should mitigate the bug but we have to + // rewrite this part. auto range = std::string(acceptRangeHeaderValue); - if (range.substr(0, 6) == "bytes=") - { + if (range.length() >= 6 && range.substr(0, 6) == "bytes=") { range = range.substr(6); std::istringstream iss(range); iss >> range_start;