[bugfix] Range filter: more appropriate restriction on max ranges.
Maxim Dounin
mdounin at mdounin.ru
Thu Nov 9 17:40:50 UTC 2017
Hello!
On Fri, Nov 10, 2017 at 01:08:58AM +0800, 胡聪 (hucc) wrote:
> Hi,
>
> On Thursday, Nov 9, 2017 10:18 PM +0300, Maxim Dounin wrote:
>
> >On Fri, Oct 27, 2017 at 06:48:52PM +0800, 胡聪 (hucc) wrote:
> >
> >> # HG changeset patch
> >> # User hucongcong <hucong.c at foxmail.com>
> >> # Date 1509099660 -28800
> >> # Fri Oct 27 18:21:00 2017 +0800
> >> # Node ID b9850d3deb277bd433a689712c40a84401443520
> >> # Parent 9ef704d8563af4aff6817ab1c694fb40591f20b3
> >> Range filter: more appropriate restriction on max ranges.
> >>
> >> diff -r 9ef704d8563a -r b9850d3deb27 src/http/modules/ngx_http_range_filter_module.c
> >> --- a/src/http/modules/ngx_http_range_filter_module.c Tue Oct 17 19:52:16 2017 +0300
> >> +++ b/src/http/modules/ngx_http_range_filter_module.c Fri Oct 27 18:21:00 2017 +0800
> >> @@ -369,6 +369,11 @@ ngx_http_range_parse(ngx_http_request_t
> >> found:
> >>
> >> if (start < end) {
> >> +
> >> + if (ranges-- == 0) {
> >> + return NGX_DECLINED;
> >> + }
> >> +
> >> range = ngx_array_push(&ctx->ranges);
> >> if (range == NULL) {
> >> return NGX_ERROR;
> >> @@ -383,10 +388,6 @@ ngx_http_range_parse(ngx_http_request_t
> >>
> >> size += end - start;
> >>
> >> - if (ranges-- == 0) {
> >> - return NGX_DECLINED;
> >> - }
> >> -
> >> } else if (start == 0) {
> >> return NGX_DECLINED;
> >> }
> >
> >There is no real difference, and the current code looks slightly
> >more readable for me, so I would rather leave it as is.
>
> We assume that max_ranges is configured as 1, CL is the length of
> representation and is equal to NGX_MAX_OFF_T_VALUE. Based on this,
> 416 will be returned if the byte-range-set is '0-9, 7-CL';
> and 200 will be returned if the byte-range-set is '0-9, 7-100'.
> This is the difference, although the situation is rare, but it exists.
>
> I knew that the current code is slightly more readable. The problem
> here is consistency and predictability from user point of view, which
> is the rule I learned from
> http://mailman.nginx.org/pipermail/nginx-devel/2017-March/009687.html.
> Not to mention that correctness is more important than readability
> from server (nginx) point of view.
Both 200 and 416 are correct responses in the particular situation
described: 416 is quite normal when a user tries to request more
than NGX_MAX_OFF_T_VALUE bytes, and 200 is quite normal when a
user tries to request more ranges than allowed by max_ranges.
Which status to use doesn't really matter, as in both cases no
range processing will be done and both status codes are correct.
In this particular case I would prefer 416 as currently returned,
as it is more in line with what is returned when there is no
max_ranges limit configured.
(It might be also a good idea to apply max_ranges limit only after
parsing all ranges, so that "Range: bytes=0-0,1-1,foo" would
consistently result in 416 regardless of max_ranges configured,
but this does not seem to be important enough to care.)
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx-devel
mailing list