From 374d09ff4081ea5bbbf70f412ea7c0b037b779e9 Mon Sep 17 00:00:00 2001
From: Anders Kaseorg <andersk@mit.edu>
Date: Sun, 11 Jul 2010 23:09:59 -0400
Subject: [PATCH] Check bounds on byte range specifiers.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
---
 StaticCat.hs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/StaticCat.hs b/StaticCat.hs
index 9f8881c..b5d03fc 100644
--- a/StaticCat.hs
+++ b/StaticCat.hs
@@ -125,8 +125,8 @@ checkIfRange mTime = do
 parseRange :: String -> FileOffset -> Maybe (FileOffset, FileOffset)
 parseRange (splitAt 6 -> ("bytes=", readDec -> [(a, "-")])) size =
     Just (a, size - 1)
-parseRange (splitAt 6 -> ("bytes=", readDec -> [(a, '-':(readDec -> [(b, "")]))])) _ =
-    Just (a, b)
+parseRange (splitAt 6 -> ("bytes=", readDec -> [(a, '-':(readDec -> [(b, "")]))])) size =
+    Just (a, min (size - 1) b)
 parseRange _ _ = Nothing
 
 checkRange :: EpochTime -> FileOffset -> CGI (Maybe (FileOffset, FileOffset))
-- 
2.45.0