Truly minor inconsistency in mod_rangecnt.c

[Tom Evans]

Hi Dirk-Willem, list.

I wasn't sure whether to mail this in, it is inconsequential; the
module is supposed to count the number of ranges, but it actually
counts the number of commas between ranges, leading to an off-by-one.
IE, a request with 6 ranges would not be rejected, where as the code
has #define MAXRANGEHEADERS (5).

Its truly minor, but made my test tool to determine whether a server
is vulnerable to give some false positives, as it was sending 5 ranges
and expecting a 417.

Cheers

Tom

Re: Truly minor inconsistency in mod_rangecnt.c

[Dirk-Willem van Gulik]

On 25 Aug 2011, at 15:53, Tom Evans wrote:

 I wasn't sure whether to mail this in, it is inconsequential; the
 module is supposed to count the number of ranges, but it actually
 counts the number of commas between ranges, leading to an off-by-one.
 IE, a request with 6 ranges would not be rejected, where as the code
 has #define MAXRANGEHEADERS (5).

Yup - spot on - that is indeed a bug. And actually - with what we know
now - that number should probably be a 100 or so.

 Its truly minor, but made my test tool to determine whether a server
 is vulnerable to give some false positives, as it was sending 5 ranges
 and expecting a 417.

But lets fix it fixed :)

Thanks!

Dw.