net/http: ignore malicious or dumb Range requests

R=golang-dev, adg
CC=golang-dev
https://golang.org/cl/6356050

src/pkg/net/http/fs.go

@@ -152,6 +152,13 @@ func serveContent(w ResponseWriter, r *Request, name string, modtime time.Time,
 			Error(w, err.Error(), StatusRequestedRangeNotSatisfiable)
 			return
 		}
+		if sumRangesSize(ranges) >= size {
+			// The total number of bytes in all the ranges
+			// is larger the the size of the file by
+			// itself, so this is probably an attack, or a
+			// dumb client.  Ignore the range request.
+			ranges = nil
+		}
 		switch {
 		case len(ranges) == 1:
 			// RFC 2616, Section 14.16:
@@ -446,3 +453,10 @@ func rangesMIMESize(ranges []httpRange, contentType string, contentSize int64) (
 	encSize += int64(w)
 	return
 }
+
+func sumRangesSize(ranges []httpRange) (size int64) {
+	for _, ra := range ranges {
+		size += ra.length
+	}
+	return
+}

src/pkg/net/http/fs_test.go

@@ -50,6 +50,7 @@ var ServeFileRangeTests = []struct {
 	{r: "bytes=0-0,-2", code: StatusPartialContent, ranges: []wantRange{{0, 1}, {testFileLen - 2, testFileLen}}},
 	{r: "bytes=0-1,5-8", code: StatusPartialContent, ranges: []wantRange{{0, 2}, {5, 9}}},
 	{r: "bytes=0-1,5-", code: StatusPartialContent, ranges: []wantRange{{0, 2}, {5, testFileLen}}},
+	{r: "bytes=0-,1-,2-,3-,4-", code: StatusOK}, // ignore wasteful range request
 }
 
 func TestServeFile(t *testing.T) {