From 9b8e2bdeb6abe8b42818ad2c9e4e118b09474261 Mon Sep 17 00:00:00 2001 From: Hiltjo Posthuma Date: Tue, 4 Jul 2017 18:18:24 +0200 Subject: [PATCH] byte-range: fix range check for upper limit the range check was done after the check lower > upper so if it meets these conditions: lower <= upper and lower > st.st_size then lower could still be > upper. --- quark.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quark.c b/quark.c index d05385c..7408fc8 100644 --- a/quark.c +++ b/quark.c @@ -667,10 +667,10 @@ sendresponse(int fd, struct request *r) } /* sanitize range */ + upper = MIN(st.st_size, upper); if (lower < 0 || upper < 0 || lower > upper) { return sendstatus(fd, S_BAD_REQUEST); } - upper = MIN(st.st_size, upper); } /* mime */