This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit b6d14c2a5c1f68b5788475d2edbc8579e7d6467f Author: Mark Thomas <ma...@apache.org> AuthorDate: Wed Dec 4 07:43:37 2024 +0000 Revert "Reject Range-Request if those ranges are not strictly in ascending order (#791)" This reverts commit 19efe70c8732f78803b9cff9be0a63c8f6202a8a.
---
 .../apache/catalina/servlets/DefaultServlet.java | 22 +++++++++++++++-------
 .../servlets/TestDefaultServletRangeRequests.java | 3 ---
 2 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java b/java/org/apache/catalina/servlets/DefaultServlet.java
index 62211b98f6..25c8426ba3 100644
--- a/java/org/apache/catalina/servlets/DefaultServlet.java
+++ b/java/org/apache/catalina/servlets/DefaultServlet.java
@@ -1240,7 +1240,7 @@ public class DefaultServlet extends HttpServlet {
 }
 private static boolean validate(Ranges ranges, long length) {
- long prevEnd = -1;
+ List<long[]> rangeContext = new ArrayList<>();
 for (Ranges.Entry range : ranges.getEntries()) {
 long start = getStart(range, length);
 long end = getEnd(range, length);
@@ -1249,13 +1249,21 @@ public class DefaultServlet extends HttpServlet {
 return false;
 }
 // See https://www.rfc-editor.org/rfc/rfc9110.html#status.416
- // No good reason for ranges to overlap or not listed in ascending order, so always reject
- if (prevEnd < 0 || prevEnd < start) {
- // first range entry or strictly greater than previous range entry.
- prevEnd = end;
- } else {
- return false;
+ // No good reason for ranges to overlap so always reject
+ for (long[] r : rangeContext) {
+ long s2 = r[0];
+ long e2 = r[1];
+ // Given valid [s1,e1] and [s2,e2]
+ // If { s1>e2 || s2>e1 } then no overlap
+ // equivalent to
+ // If not { s1>e2 || s2>e1 } then overlap
+ // De Morgan's law
+ if (start <= e2 && s2 <= end) {
+ // isOverlap
+ return false;
+ }
 }
+ rangeContext.add(new long[] { start, end });
 }
 return true;
 }
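Review bot: The pairwise overlap loop over `rangeContext` in `validate` is quadratic in the number of range entries, and nothing visible in this hunk bounds how many entries a client may send now that the ascending-order rejection is gone. RFC 9110 (section 14.2) names many small out-of-order ranges as a sign of a broken client or a denial-of-service attempt, so either cap the entry count before the loop, e.g. `if (rangeContext.size() >= MAX_RANGE_ENTRIES) { return false; }` (placeholder name; no such constant appears on the page), or add a comment above the loop stating why unordered ranges are accepted and what bounds the cost. The commit message gives no reason for the revert, and the test hunk only deletes the two 416 cases without adding one showing that unordered, non-overlapping ranges are now served. `validate` begins in the previous hunk, and the lines between the two hunks are not shown.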
diff --git a/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java b/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
index 7a13839c97..ccd41fbc26 100644
--- a/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
+++ b/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
@@ -66,9 +66,6 @@ public class TestDefaultServletRangeRequests extends TomcatBaseTest {
 // Invalid overlapping ranges
 parameterSets.add(new Object[] { "bytes=1-100, 30-50", null, Integer.valueOf(416), "", "*/" + len });
 parameterSets.add(new Object[] { "bytes=1-100, 90-150", null, Integer.valueOf(416), "", "*/" + len });
- // Invalid ranges that not in ascending order
- parameterSets.add(new Object[] { "bytes=0-5, 6-10, 80-90, 60-70", null, Integer.valueOf(416), "", "*/" + len });
- parameterSets.add(new Object[] { "bytes=0-5, -10, 60-70", null, Integer.valueOf(416), "", "*/" + len });
 // Invalid no equals
 parameterSets.add(new Object[] { "bytes 1-10", null, Integer.valueOf(416), "", "*/" + len });
 parameterSets.add(new Object[] { "bytes1-10", null, Integer.valueOf(416), "", "*/" + len });
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org