On 25 Aug 2011, at 15:53, Tom Evans wrote:
I wasn't sure whether to mail this in, it is inconsequential; the
module is supposed to count the number of ranges, but it actually
counts the number of commas between ranges, leading to an off-by-one.
IE, a request with 6 ranges would not be rejected, where as the code
has #define MAXRANGEHEADERS (5).
Yup - spot on - that is indeed a bug. And actually - with what we know
now - that number should probably be a 100 or so.
Its truly minor, but made my test tool to determine whether a server
is vulnerable to give some false positives, as it was sending 5 ranges
and expecting a 417.
But lets fix it fixed :)
Thanks!
Dw.