|author||Emmanuel T Odeke <email@example.com>||Wed Sep 02 01:08:02 2020 -0700|
|committer||Emmanuel Odeke <firstname.lastname@example.org>||Wed Sep 02 21:50:41 2020 +0000|
net/http: reject negative suffix-length Range:bytes=--N with 416 status code Fixes the file server to reject requests of the form: "Range": "bytes=--N" where "-N" is a negative suffix-length as designated by the grammar in RFC 7233 Section 2.1, "Byte-Ranges", which specifies that suffix-length MUST be of the form 1*DIGIT aka a non-negative digit. Thus requests such as: "Range": "bytes=--2" will be rejected with a "416 Range Not Satisfiable" response. Fixes #40940 Change-Id: I3e89f8326c14af30d8bdb126998a50e02ba002d9 Reviewed-on: https://go-review.googlesource.com/c/go/+/252497 Run-TryBot: Emmanuel Odeke <email@example.com> TryBot-Result: Gobot Gobot <firstname.lastname@example.org> Reviewed-by: Bryan C. Mills <email@example.com>
Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
Official binary distributions are available at https://golang.org/dl/.
If a binary distribution is not available for your combination of operating system and architecture, visit https://golang.org/doc/install/source or load doc/install-source.html in your web browser for source installation instructions.
Go is the work of thousands of contributors. We appreciate your help!
To contribute, please read the contribution guidelines: https://golang.org/doc/contribute.html
Note that the Go project uses the issue tracker for bug reports and proposals only. See https://golang.org/wiki/Questions for a list of places to ask questions about the Go language.