fix: validate end < size when parsing Content-Range headers

paolobarbolini · paolobarbolini · commit 83a74fd849a9 · 2026-02-07T11:10:08.000+01:00
The `FromStr` impl for `HttpContentRange` constructed `Bound` directly,
bypassing the `end &lt; size` validation that `Bound::new()` enforces.
Headers like `bytes 10-20/15` were incorrectly accepted.
diff --git a/src/headers/content_range.rs b/src/headers/content_range.rs
@@ -86,10 +86,15 @@ impl FromStr for HttpContentRange {
             (ParsedRange::Range(range), ParsedSize::Star) => {
                 Ok(Self::Bound(Bound { range, size: None }))
             }
-            (ParsedRange::Range(range), ParsedSize::Value(size)) => Ok(Self::Bound(Bound {
-                range,
-                size: Some(size),
-            })),
+            (ParsedRange::Range(range), ParsedSize::Value(size)) if range.end() < size => {
+                Ok(Self::Bound(Bound {
+                    range,
+                    size: Some(size),
+                }))
+            }
+            (ParsedRange::Range(_), ParsedSize::Value(_)) => {
+                Err(ParseHttpRangeOrContentRangeError::MalformedRange)
+            }
         }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -86,10 +86,15 @@ impl FromStr for HttpContentRange {`
`86`	`86`	`(ParsedRange::Range(range), ParsedSize::Star) => {`
`87`	`87`	`Ok(Self::Bound(Bound { range, size: None }))`
`88`	`88`	`}`
`89`		`- (ParsedRange::Range(range), ParsedSize::Value(size)) => Ok(Self::Bound(Bound {`
`90`		`- range,`
`91`		`- size: Some(size),`
`92`		`- })),`
	`89`	`+ (ParsedRange::Range(range), ParsedSize::Value(size)) if range.end() < size => {`
	`90`	`+ Ok(Self::Bound(Bound {`
	`91`	`+ range,`
	`92`	`+ size: Some(size),`
	`93`	`+ }))`
	`94`	`+ }`
	`95`	`+ (ParsedRange::Range(_), ParsedSize::Value(_)) => {`
	`96`	`+ Err(ParseHttpRangeOrContentRangeError::MalformedRange)`
	`97`	`+ }`
`93`	`98`	`}`
`94`	`99`	`}`
`95`	`100`	`}`