Fix endless loop in apt-get update that can cause disk fillup

The apt http code parses Content-Length and Content-Range. For both requests the variable "Size" is used and the semantic for this Size is the total file size. However Content-Length is not the entire file size for partital file requests. For servers that send the Content-Range header first and then the Content-Length header this can lead to globbing of Size so that its less than the real file size. This may lead to a subsequent passing of a negative number into the CircleBuf which leads to a endless loop that writes data. Thanks to Anton Blanchard for the analysis and initial patch. LP: #1445239
author: Michael Vogt <mvo@ubuntu.com> 2015-05-22 15:28:53 +0200
committer: Michael Vogt <mvo@ubuntu.com> 2015-05-22 15:28:53 +0200
commit: ceafe8a6edc815df2923ba892894617829e9d3c2 (patch)
tree: 82f8e819f161b7f79d510d51b51b191f12840c8e /methods/http.cc
parent: 68be2fbb252a71303046e2ca7866cd659a91b585 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/methods/http.cc b/methods/http.cc
index 1b996db98..ad90c9891 100644
--- a/methods/http.cc
+++ b/methods/http.cc
@@ -443,7 +443,7 @@ bool HttpServerState::RunData(FileFd * const File)
       else if (JunkSize != 0)
 	 In.Limit(JunkSize);
       else
-	 In.Limit(Size - StartPos);
+	 In.Limit(DownloadSize);
       
       // Just transfer the whole block.
       do
author	Michael Vogt <mvo@ubuntu.com>	2015-05-22 15:28:53 +0200
committer	Michael Vogt <mvo@ubuntu.com>	2015-05-22 15:28:53 +0200
commit	ceafe8a6edc815df2923ba892894617829e9d3c2 (patch)
tree	82f8e819f161b7f79d510d51b51b191f12840c8e /methods/http.cc
parent	68be2fbb252a71303046e2ca7866cd659a91b585 (diff)