stv0g/tvheadend
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Added sanity checks for http-ranges

Browse source
This commit is contained in:
sb1066 2010-07-09 20:09:53 +00:00
parent b71046db6a
commit 2c00a4da4f
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/webui/webui.c
View file

@ -241,6 +241,16 @@ page_dvrfile(http_connection_t *hc, const char *remain, void *opaque)
if(range != NULL)
sscanf(range, "bytes=%"PRId64"-%"PRId64"", &file_start, &file_end);
//Sanity checks
if(file_start < 0 || file_start >= st.st_size)
return 200;
if(file_end < 0 || file_end >= st.st_size)
return 200;
if(file_start > 0 || file_end)
return 200;
content_len = file_end - file_start+1;
sprintf(range_buf, "bytes %"PRId64"-%"PRId64"/%"PRId64"", file_start, file_end, st.st_size);