From a854ec1e4ca9b89a58764b14de785c22519e63eb Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Mon, 17 May 2021 14:14:25 +0200
Subject: mod_http_file_share: Handle out of bounds Range request

Turns out you can seek past the end of the file without getting an error. Also rejects empty range instead of sending the whole file.
---
 plugins/mod_http_file_share.lua | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/plugins/mod_http_file_share.lua b/plugins/mod_http_file_share.lua
index 4b6030bf..ba6b97c5 100644
--- a/plugins/mod_http_file_share.lua
+++ b/plugins/mod_http_file_share.lua
@@ -361,10 +361,15 @@ function handle_download(event, path) -- GET /uploads/:slot+filename
 if request_range then
 local range_start, range_end = request_range:match("^bytes=(%d+)%-(%d*)$")
 -- Only support resumption, ie ranges from somewhere in the middle until the end of the file.
- if (range_start and range_start ~= "0" and range_start ~= filesize) and (range_end == "" or range_end == filesize) then
- if handle:seek("set", tonumber(range_start)) then
+ if (range_start and range_start ~= "0") and (range_end == "" or range_end == filesize) then
+ local pos, size = tonumber(range_start), tonumber(filesize);
+ local new_pos = pos < size and handle:seek("set", pos);
+ if new_pos and new_pos < size then
 response_range = "bytes "..range_start.."-"..filesize.."/"..filesize;
- filesize = string.format("%d", tonumber(filesize)-tonumber(range_start));
+ filesize = string.format("%d", size-pos);
+ else
+ handle:close();
+ return 416;
 end
 end
 end
-- cgit v1.2.3
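Review bot: The Content-Range built on the unchanged `response_range = ...` line still gives `filesize` as the last byte position, but that position is inclusive, so for a file of `size` bytes it has to be `size-1`; as written the header describes one byte more than the `size-pos` bytes the new `filesize` value announces. Now that `size` is a local, the line could read `response_range = "bytes "..range_start.."-"..string.format("%d", size-1).."/"..filesize;`. The same off-by-one shows in the guard, where `range_end == filesize` is accepted while an explicit end of `size-1` is not and presumably falls through to a full-file response. The new 416 branch also returns without a `Content-Range: bytes */<size>` header, which clients use to learn the real length; whether that can be set from here depends on code outside the hunk, since handle_download starts before it and continues past it.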