[core] range chk http_chunk_append_file_ref_range

add range sanity check in http_chunk_append_file_ref_range() (before potentially sending HTTP/1.1 chunked header)
author: Glenn Strauss <gstrauss@gluelogic.com> 2021-05-14 02:40:22 -0400
committer: Glenn Strauss <gstrauss@gluelogic.com> 2021-05-14 03:43:18 -0400
commit: 1ce82209473ff403d3fdc08e0202382af2d55e95 (patch)
tree: b9da7bd2dd59990937fc22bed9d4aa25cb6f788b /src/http_chunk.c
parent: f0da8dd910c3eff08bc0fb62a3bf0666187e9ee5 (diff)
download: lighttpd-git-1ce82209473ff403d3fdc08e0202382af2d55e95.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/src/http_chunk.c b/src/http_chunk.c
index 44e56a03..f4916f94 100644
--- a/src/http_chunk.c
+++ b/src/http_chunk.c
@@ -92,9 +92,14 @@ static int http_chunk_append_read_fd_range(request_st * const r, const buffer *
     return (rd >= 0) ? 0 : -1;
 }
 
-void http_chunk_append_file_ref_range(request_st * const r, stat_cache_entry * const sce, const off_t offset, const off_t len) {
+void http_chunk_append_file_ref_range(request_st * const r, stat_cache_entry * const sce, const off_t offset, off_t len) {
     chunkqueue * const cq = &r->write_queue;
 
+    if (sce->st.st_size - offset < len)
+        len = sce->st.st_size - offset;
+    if (len <= 0)
+        return;
+
     if (r->resp_send_chunked)
         http_chunk_len_append(cq, (uintmax_t)len);
author	Glenn Strauss <gstrauss@gluelogic.com>	2021-05-14 02:40:22 -0400
committer	Glenn Strauss <gstrauss@gluelogic.com>	2021-05-14 03:43:18 -0400
commit	1ce82209473ff403d3fdc08e0202382af2d55e95 (patch)
tree	b9da7bd2dd59990937fc22bed9d4aa25cb6f788b /src/http_chunk.c
parent	f0da8dd910c3eff08bc0fb62a3bf0666187e9ee5 (diff)
download	lighttpd-git-1ce82209473ff403d3fdc08e0202382af2d55e95.tar.gz