diff --git a/app/models/range_request.rb b/app/models/range_request.rb index 49e96025..9f41e131 100644 --- a/app/models/range_request.rb +++ b/app/models/range_request.rb @@ -413,7 +413,10 @@ def response_range(info) end_range = info[:range_end_bytes_max] if end_range > info[:range_end_bytes_max] # e.g. bytes=0-499, max_range_size=500 => 499 - 0 + 1 = 500 > 500 if (end_range - start_range + CONVERT_INDEX_TO_LENGTH) > @max_range_size - raise StandardError.new("Range request maximum exceeded") + fail CustomErrors::BadRequestError, 'The requested range exceeded the maximum allowed.' + end + if start_range > end_range + fail CustomErrors::BadRequestError, 'The requested range specified a first byte that was greater than the last byte.' end return_value[:range_start_bytes].push(start_range) diff --git a/spec/models/range_request_spec.rb b/spec/models/range_request_spec.rb index b1692985..28ec1685 100644 --- a/spec/models/range_request_spec.rb +++ b/spec/models/range_request_spec.rb @@ -155,15 +155,15 @@ context 'special open end range case' do # this test case comes from a real-world production bug: https://github.com/QutBioacoustics/baw-server/issues/318 - # the second part of a large range request triggers a negative content length and negative gradient in the content - # range header. + # the second part of a large range request triggers a negative content length and the last part of the content + # range header to be less than the first part. # before bug fix: # file_size: 822281 # request: "Range: bytes 512001-" # info[:range_start]: 512001 - # info[:range_end]: 310279 <-- problem, negative range! + # info[:range_end]: 310279 <-- problem, end less than start! # info[:response_headers]['Content-Length']: -201721 <-- problem, negative range! it 'should succeed with: [single range] special test case, open range greater than max range size' do mock_request.headers[RangeRequest::HTTP_HEADER_RANGE] = 'bytes=512001-'