diff options
author | Kim Alvefur <zash@zash.se> | 2021-05-17 14:14:25 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2021-05-17 14:14:25 +0200 |
commit | a854ec1e4ca9b89a58764b14de785c22519e63eb (patch) | |
tree | 6aa1d63007caca1893936968ee8f77542d821231 | |
parent | f650ac55372078ef52bea9da68d881db7c756f11 (diff) | |
download | prosody-a854ec1e4ca9b89a58764b14de785c22519e63eb.tar.gz prosody-a854ec1e4ca9b89a58764b14de785c22519e63eb.zip |
mod_http_file_share: Handle out of bounds Range request
Turns out you can seek past the end of the file without getting an
error.
Also rejects empty range instead of sending the whole file.
-rw-r--r-- | plugins/mod_http_file_share.lua | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/plugins/mod_http_file_share.lua b/plugins/mod_http_file_share.lua index 4b6030bf..ba6b97c5 100644 --- a/plugins/mod_http_file_share.lua +++ b/plugins/mod_http_file_share.lua @@ -361,10 +361,15 @@ function handle_download(event, path) -- GET /uploads/:slot+filename if request_range then local range_start, range_end = request_range:match("^bytes=(%d+)%-(%d*)$") -- Only support resumption, ie ranges from somewhere in the middle until the end of the file. - if (range_start and range_start ~= "0" and range_start ~= filesize) and (range_end == "" or range_end == filesize) then - if handle:seek("set", tonumber(range_start)) then + if (range_start and range_start ~= "0") and (range_end == "" or range_end == filesize) then + local pos, size = tonumber(range_start), tonumber(filesize); + local new_pos = pos < size and handle:seek("set", pos); + if new_pos and new_pos < size then response_range = "bytes "..range_start.."-"..filesize.."/"..filesize; - filesize = string.format("%d", tonumber(filesize)-tonumber(range_start)); + filesize = string.format("%d", size-pos); + else + handle:close(); + return 416; end end end |