An anonymous submitter filed bug #1299181

(http://curl.haxx.se/bug/view.cgi?id=1299181) that identified a silly problem with Content-Range: headers with the 'bytes' keyword written in a different case than all lowercase! It would cause a segfault!

An anonymous submitter filed bug #1299181
(http://curl.haxx.se/bug/view.cgi?id=1299181) that identified a silly problem with Content-Range: headers with the 'bytes' keyword written in a different case than all lowercase! It would cause a segfault!
b4c53e2c · Daniel Stenberg · a2902de6 · b4c53e2c · b4c53e2c · b4c53e2c
Commit b4c53e2c authored 19 years ago by Daniel Stenberg
--- a/CHANGES
+++ b/CHANGES
@@ -8,6 +8,11 @@


 Daniel (27 September 2005)
+- An anonymous submitter filed bug #1299181
+  (http://curl.haxx.se/bug/view.cgi?id=1299181) that identified a silly
+  problem with Content-Range: headers with the 'bytes' keyword written in a
+  different case than all lowercase! It would cause a segfault!
+
 - TJ Saunders of the proftpd project identified and pointed out problems with
  the modified FTPS negotiation change of August 19 2005. Thus, we revert the
  change back to pre-7.14.1 status.

--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -16,6 +16,7 @@ This release includes the following changes:

 This release includes the following bugfixes:

+ o HTTP Content-Range header parser crash
 o FTPS negotiation timeouts/errors
 o SSPI works even for Windows 9x
 o crash in --dump-header on FTP
@@ -23,6 +24,10 @@ This release includes the following bugfixes:

 Other curl-related news since the previous public release:

+ o All curl relatd mailing list information and subscribers on cool.haxx.se
+   were lost due to a malicious user exploiting a security hole on the
+   server. Attempts have been made to put back susbcribers on the lists, but
+   many have been lost.
 o New S-Lang binding: http://curl.haxx.se/libcurl/slang/
 o TclCurl 0.14.1: http://personal1.iddeo.es/andresgarci/tclcurl/english/
 o pycurl 7.14.1: http://pycurl.sf.net/

--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -880,11 +880,11 @@ CURLcode Curl_readwrite(struct connectdata *conn,
              /* Content-Range: bytes [num]-
                 Content-Range: bytes: [num]-

-                 The second format was added August 1st 2000 by Igor
-                 Khristophorov since Sun's webserver JavaWebServer/1.1.1
-                 obviously sends the header this way! :-( */
+                 The second format was added since Sun's webserver
+                 JavaWebServer/1.1.1 obviously sends the header this way!
+              */

-              char *ptr = strstr(k->p, "bytes");
+              char *ptr = Curl_strcasestr(k->p, "bytes");
              ptr+=5;

              if(*ptr == ':')