From ca304cd08e9f8d37e4027f2f71dd77ebba3a30f9 Mon Sep 17 00:00:00 2001
From: Samuel Merritt <sam@swiftstack.com>
Date: Fri, 15 Apr 2016 17:22:44 -0700
Subject: [PATCH] Ignore negative suffix-byte-range requests.

If the client asked for "Range: bytes=--123", Swift would respond with
a 206 and a Content-Length of -123. Now that Range header is ignored
just like all kinds of other invalid Range headers.

Change-Id: I30d4522d223076ce342d20c52f57ff0eb2aea1f4
Closes-Bug: 1571106
---
 swift/common/swob.py          |  4 +++-
 test/unit/common/test_swob.py | 26 ++++++++++++++------------
 2 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/swift/common/swob.py b/swift/common/swob.py
index 704212084d..0954ef9d3c 100644
--- a/swift/common/swob.py
+++ b/swift/common/swob.py
@@ -486,7 +486,9 @@ class Range(object):
                 # when end contains non numeric value, this also causes
                 # ValueError
                 end = int(end)
-                if start is not None and end < start:
+                if end < 0:
+                    raise ValueError('Invalid Range header: %s' % headerval)
+                elif start is not None and end < start:
                     raise ValueError('Invalid Range header: %s' % headerval)
             else:
                 end = None
diff --git a/test/unit/common/test_swob.py b/test/unit/common/test_swob.py
index fede30785d..4f8d8f7be9 100644
--- a/test/unit/common/test_swob.py
+++ b/test/unit/common/test_swob.py
@@ -231,12 +231,13 @@ class TestRange(unittest.TestCase):
 
     def test_range_invalid_syntax(self):
 
-        def _check_invalid_range(range_value):
+        def _assert_invalid_range(range_value):
             try:
                 swift.common.swob.Range(range_value)
-                return False
+                self.fail("Expected %r to be invalid, but wasn't" %
+                          (range_value,))
             except ValueError:
-                return True
+                pass
 
         """
         All the following cases should result ValueError exception
@@ -248,15 +249,16 @@ class TestRange(unittest.TestCase):
         6. any combination of the above
         """
 
-        self.assertTrue(_check_invalid_range('nonbytes=foobar,10-2'))
-        self.assertTrue(_check_invalid_range('bytes=5-3'))
-        self.assertTrue(_check_invalid_range('bytes=-'))
-        self.assertTrue(_check_invalid_range('bytes=45'))
-        self.assertTrue(_check_invalid_range('bytes=foo-bar,3-5'))
-        self.assertTrue(_check_invalid_range('bytes=4-10,45'))
-        self.assertTrue(_check_invalid_range('bytes=foobar,3-5'))
-        self.assertTrue(_check_invalid_range('bytes=nonumber-5'))
-        self.assertTrue(_check_invalid_range('bytes=nonumber'))
+        _assert_invalid_range('nonbytes=foobar,10-2')
+        _assert_invalid_range('bytes=5-3')
+        _assert_invalid_range('bytes=-')
+        _assert_invalid_range('bytes=45')
+        _assert_invalid_range('bytes=foo-bar,3-5')
+        _assert_invalid_range('bytes=4-10,45')
+        _assert_invalid_range('bytes=foobar,3-5')
+        _assert_invalid_range('bytes=nonumber-5')
+        _assert_invalid_range('bytes=nonumber')
+        _assert_invalid_range('bytes=--1')
 
 
 class TestMatch(unittest.TestCase):