From 90ab0b0ec2e8fe6f5746ee397bddf67e2bdac7a7 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <contact@catenacyber.fr>
Date: Wed, 29 May 2019 21:21:03 +0200
Subject: [PATCH] http: fix overflow in HTPParseContentRange

---
 src/app-layer-htp-file.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/app-layer-htp-file.c b/src/app-layer-htp-file.c
index 16574cf369..3dd25b41e1 100644
--- a/src/app-layer-htp-file.c
+++ b/src/app-layer-htp-file.c
@@ -196,13 +196,13 @@ int HTPParseContentRange(bstr * rawvalue, HtpContentRange *range)
         // case with start and end
         range->start = bstr_util_mem_to_pint(data + pos, len - pos, 10, &last_pos);
         pos += last_pos;
-        if (len < pos || data[pos] != '-') {
+        if (len < pos + 1 || data[pos] != '-') {
             return -1;
         }
         pos++;
         range->end = bstr_util_mem_to_pint(data + pos, len - pos, 10, &last_pos);
         pos += last_pos;
-        if (len < pos || data[pos] != '/') {
+        if (len < pos + 1 || data[pos] != '/') {
             return -1;
         }
         pos++;