On 25 Aug 2011, at 15:53, Tom Evans wrote:

> I wasn't sure whether to mail this in, it is inconsequential; the
> module is supposed to count the number of ranges, but it actually
> counts the number of commas between ranges, leading to an off-by-one.
> IE, a request with 6 ranges would not be rejected, whereas the code
> has #define MAXRANGEHEADERS (5).

Yup - spot on - that is indeed a bug. And actually - with what we know now - that number should probably be a 100 or so.

> It's truly minor, but made my test tool to determine whether a server
> is vulnerable to give some false positives, as it was sending 5 ranges
> and expecting a 417.

But let's fix it.... fixed :)

Thanks!

Dw.
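The off-by-one discussed in this thread, as an added example that is not the module's code and not part of either message: a comma counter beside a range counter, checked against the MAXRANGEHEADERS value quoted above. The function names, the "reject when the count exceeds the limit" policy and the sample header value are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAXRANGEHEADERS (5)   /* limit quoted in the thread */

/* The approach described as buggy: counts separators, not ranges. */
static int count_commas(const char *value)
{
    int n = 0;
    for (; *value; value++)
        if (*value == ',')
            n++;
    return n;
}

/* Counts non-empty comma-separated elements after the "unit=" prefix,
 * so "0-1, ,2-3" is two ranges and a single range with no comma is one. */
static int count_ranges(const char *value)
{
    int n = 0, in_elem = 0;
    const char *eq = strchr(value, '=');
    if (eq)
        value = eq + 1;
    for (; *value; value++) {
        if (*value == ',') {
            in_elem = 0;                 /* element boundary */
        } else if (!in_elem && !isspace((unsigned char)*value)) {
            in_elem = 1;                 /* first byte of a new element */
            n++;
        }
    }
    return n;
}

/* Assumed policy: reject (1) when the count exceeds the limit. */
static int rejects_buggy(const char *v) { return count_commas(v) > MAXRANGEHEADERS; }
static int rejects_fixed(const char *v) { return count_ranges(v) > MAXRANGEHEADERS; }

int main(void)
{
    /* Constructed sample: six ranges, five commas. */
    const char *six = "bytes=0-1,2-3,4-5,6-7,8-9,10-11";
    printf("commas=%d ranges=%d buggy_rejects=%d fixed_rejects=%d\n",
           count_commas(six), count_ranges(six),
           rejects_buggy(six), rejects_fixed(six));
    return 0;
}
```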