diff options
author | Michael Vogt <mvo@ubuntu.com> | 2015-05-22 15:28:53 +0200 |
---|---|---|
committer | Michael Vogt <mvo@ubuntu.com> | 2015-05-22 17:52:41 +0200 |
commit | 7c4511322e22c3d97c6d892204af67d240416e69 (patch) | |
tree | 158e18fc2728599166c9803b3e58dea5e76c2827 /methods/server.h | |
parent | 4694e07d450baa13fa04482752ca369a5797c640 (diff) |
Fix endless loop in apt-get update that can cause disk fillup
The apt http code parses Content-Length and Content-Range. For
both requests the variable "Size" is used and the semantic for
this Size is the total file size. However Content-Length is not
the entire file size for partital file requests. For servers that
send the Content-Range header first and then the Content-Length
header this can lead to globbing of Size so that its less than
the real file size. This may lead to a subsequent passing of a
negative number into the CircleBuf which leads to a endless
loop that writes data.
Thanks to Anton Blanchard for the analysis and initial patch.
LP: #1445239
Diffstat (limited to 'methods/server.h')
-rw-r--r-- | methods/server.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/methods/server.h b/methods/server.h index 1b81e3549..ed3cb456a 100644 --- a/methods/server.h +++ b/methods/server.h @@ -34,7 +34,8 @@ struct ServerState char Code[360]; // These are some statistics from the last parsed header lines - unsigned long long Size; // size of the usable content (aka: the file) + unsigned long long Size; // total size of the usable content (aka: the file) + unsigned long long DownloadSize; // size we actually download (can be smaller than Size if we have partial content) unsigned long long JunkSize; // size of junk content (aka: server error pages) unsigned long long StartPos; time_t Date; |