Looking this over, I started with the below section:
if (sum_lengths >= clength) {
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
"Sum of ranges not smaller than file, ignoring.");
return 0;
}
which, at 1st blush looks like what we need to worry about… if
sum_lengths == clength, we can assume they sent 0…
But then I noticed how we are counting sum_lengths, and saw that
we have an issue.
Assume they send:
0999,10029999,19999
and clen is 10000. When this is merged, we get the following
pattern:
0999,19999
and we see that the subsequent sum of lengths is > clength
and we decide to go 200 on 'em. Anyway, this means we can't
use sum_lengths == clength as a check… It
And since we only merge once, we can get the absolute smallest
list of ranges that cover what they sent…
Sooooo, I suggest we look for an actual '0' in their input
as the trigger for the 200/206 decision.
If we DO see that, should be force a single range? That is, if
they send:
1100, 200300, 0, 309999
Should we ignore all but the 0 and send a single range
and 206?
