diff options
author | Michael Vogt <mvo@ubuntu.com> | 2015-05-22 15:28:53 +0200 |
---|---|---|
committer | Michael Vogt <mvo@ubuntu.com> | 2015-05-22 15:28:53 +0200 |
commit | ceafe8a6edc815df2923ba892894617829e9d3c2 (patch) | |
tree | 82f8e819f161b7f79d510d51b51b191f12840c8e /methods/rred.cc | |
parent | 68be2fbb252a71303046e2ca7866cd659a91b585 (diff) |
Fix endless loop in apt-get update that can cause disk fillup
The apt http code parses Content-Length and Content-Range. For
both requests the variable "Size" is used and the semantic for
this Size is the total file size. However Content-Length is not
the entire file size for partital file requests. For servers that
send the Content-Range header first and then the Content-Length
header this can lead to globbing of Size so that its less than
the real file size. This may lead to a subsequent passing of a
negative number into the CircleBuf which leads to a endless
loop that writes data.
Thanks to Anton Blanchard for the analysis and initial patch.
LP: #1445239
Diffstat (limited to 'methods/rred.cc')
0 files changed, 0 insertions, 0 deletions