From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-4.0 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00 shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id ECA981F9FE for ; Tue, 4 Jun 2019 11:27:50 +0000 (UTC) From: Eric Wong To: meta@public-inbox.org Subject: [PATCH 14/24] githttpbackend: require Range:, Status: to be ASCII digits Date: Tue, 4 Jun 2019 11:27:38 +0000 Message-Id: <20190604112748.23598-15-e@80x24.org> In-Reply-To: <20190604112748.23598-1-e@80x24.org> References: <20190604112748.23598-1-e@80x24.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit List-Id: Non-ASCII digits would be interpreted as a zeroes as integers. While we're at it, ensure the Status: code is an ASCII digit, too; though I would not expect git-http-backend(1) or cgit(1) start spewing non-ASCII digits at us. --- lib/PublicInbox/GitHTTPBackend.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/PublicInbox/GitHTTPBackend.pm b/lib/PublicInbox/GitHTTPBackend.pm index 0941104..e871bdd 100644 --- a/lib/PublicInbox/GitHTTPBackend.pm +++ b/lib/PublicInbox/GitHTTPBackend.pm @@ -90,7 +90,7 @@ sub static_result ($$$$) { my $len = $size; my $code = 200; push @$h, 'Content-Type', $type; - if (($env->{HTTP_RANGE} || '') =~ /\bbytes=(\d*)-(\d*)\z/) { + if (($env->{HTTP_RANGE} || '') =~ /\bbytes=([0-9]*)-([0-9]*)\z/) { ($code, $len) = prepare_range($env, $in, $h, $1, $2, $size); if ($code == 416) { push @$h, 'Content-Range', "bytes */$size"; @@ -260,7 +260,7 @@ sub parse_cgi_headers { foreach my $l (split(/\r?\n/, $h)) { my ($k, $v) = split(/:\s*/, $l, 2); if ($k =~ /\AStatus\z/i) { - ($code) = ($v =~ /\b(\d+)\b/); + ($code) = ($v =~ /\b([0-9]+)\b/); } else { push @h, $k, $v; } -- EW