commit | ef20f76b8bc4e082d5f81fd818890d707751475b | [log] [tgz] |
---|---|---|
author | Emmanuel T Odeke <emmanuel@orijtech.com> | Wed Sep 02 01:08:02 2020 -0700 |
committer | Emmanuel Odeke <emm.odeke@gmail.com> | Wed Sep 02 21:50:41 2020 +0000 |
tree | 00fea98a284a5a90d2f8b91f18194853689a0a29 | |
parent | be9ed03f1aa5f348aa836c4ffe1904d8e37a629a [diff] |
net/http: reject negative suffix-length Range:bytes=--N with 416 status code Fixes the file server to reject requests of the form: "Range": "bytes=--N" where "-N" is a negative suffix-length as designated by the grammar in RFC 7233 Section 2.1, "Byte-Ranges", which specifies that suffix-length MUST be of the form 1*DIGIT aka a non-negative digit. Thus requests such as: "Range": "bytes=--2" will be rejected with a "416 Range Not Satisfiable" response. Fixes #40940 Change-Id: I3e89f8326c14af30d8bdb126998a50e02ba002d9 Reviewed-on: https://go-review.googlesource.com/c/go/+/252497 Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Bryan C. Mills <bcmills@google.com>
Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.
Gopher image by Renee French, licensed under Creative Commons 3.0 Attributions license.
Our canonical Git repository is located at https://go.googlesource.com/go. There is a mirror of the repository at https://github.com/golang/go.
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
Official binary distributions are available at https://golang.org/dl/.
After downloading a binary release, visit https://golang.org/doc/install or load doc/install.html in your web browser for installation instructions.
If a binary distribution is not available for your combination of operating system and architecture, visit https://golang.org/doc/install/source or load doc/install-source.html in your web browser for source installation instructions.
Go is the work of thousands of contributors. We appreciate your help!
To contribute, please read the contribution guidelines: https://golang.org/doc/contribute.html
Note that the Go project uses the issue tracker for bug reports and proposals only. See https://golang.org/wiki/Questions for a list of places to ask questions about the Go language.