http fails on 416 when resuming

[Smackd0wn]

I did this

On git master, curl --fail -O -C - http://host/file when the local file had already been completely downloaded.

Server response:

< HTTP/1.1 416 Requested Range Not Satisfiable
< Server: nginx/1.22.1
< Date: Wed, 15 Feb 2023 13:29:29 GMT
< Content-Type: text/html; charset=utf8
< Content-Length: 197
< Content-Range: bytes */1234567

I expected the following

curl exits with code 0 (no error, even with --fail), because in http_should_fail():

curl/lib/http.c

Lines 1161 to 1167 in 3027611

	/*
	** A 416 response to a resume request is presumably because the file is
	** already completely downloaded and thus not actually a fail.
	*/
	if(data->state.resume_from && data->state.httpreq == HTTPREQ_GET &&
	httpcode == 416)
	return FALSE;

However, when the requested range was unsatisfied (e.g., Content-Range: */1234567), data->state.resume_from is overwritten with 0 (see line 3479), and thus the check above always fail.

curl/lib/http.c

Lines 3452 to 3480 in 3027611

	else if(!k->http_bodyless && checkprefix("Content-Range:", headp)) {
	/* Content-Range: bytes [num]-
	Content-Range: bytes: [num]-
	Content-Range: [num]-
	Content-Range: [asterisk]/[total]
	The second format was added since Sun's webserver
	JavaWebServer/1.1.1 obviously sends the header this way!
	The third added since some servers use that!
	The fourth means the requested range was unsatisfied.
	*/
	char *ptr = headp + strlen("Content-Range:");
	/* Move forward until first digit or asterisk */
	while(*ptr && !ISDIGIT(*ptr) && *ptr != '*')
	ptr++;
	/* if it truly stopped on a digit */
	if(ISDIGIT(*ptr)) {
	if(!curlx_strtoofft(ptr, NULL, 10, &k->offset)) {
	if(data->state.resume_from == k->offset)
	/* we asked for a resume and we got it */
	k->content_range = TRUE;
	}
	}
	else
	data->state.resume_from = 0; /* get everything */
	}

[piru]

It appears nginx returns: content-range: bytes */<filesize> in this case. For example Apache2 doesn't include the content-range header for 416 response.

This seems to fix this issue, but I am not entirely sure if this is the best way to fix it:

diff --git a/lib/http.c b/lib/http.c
index ee31aa2c6..caa3d50a1 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -3476,7 +3476,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn,
           k->content_range = TRUE;
       }
     }
-    else
+    else if(416 != k->httpcode)
       data->state.resume_from = 0; /* get everything */
   }
 #if !defined(CURL_DISABLE_COOKIES)

Comments are welcome.

[hmeine]

I run into this problem as well. I tried running curl -C - to download a build artifact from an artifactory server, hoping that repeated script runs would not download the large file multiple times.

The server replies with

HTTP/1.1 416 Requested Range Not Satisfiable
Connection: keep-alive
Content-Length: 0
Content-Range: bytes */977880575
Date: Wed, 09 Aug 2023 09:57:07 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Artifactory-Id: ***redacted***
X-Artifactory-Node-Id: ***redacted***
X-Jfrog-Version: Artifactory/7.55.13 75513900

and curl fails (exit code 22).

As I am not familiar with the curl codebase, I have problems reviewing the change in #10644 and do not yet understand what is the problem with it.