After few more tests, it seems the range value is important.
If the range begin is lower than 1M (1024*1024), it leaks:
for i in $(seq 1 10); do curl -H "X-Auth-Token: $OS_AUTH_TOKEN" $OS_STORAGE_URL/range_leak_ec/obj -H "Range: bytes=1048575-1048580"; echo; done
If the range begin is greater or equal than 1M, it does not leak:
for i in $(seq 1 10); do curl -H "X-Auth-Token: $OS_AUTH_TOKEN" $OS_STORAGE_URL/range_leak_ec/obj -H "Range: bytes=1048576-1048580"; echo; done
After few more tests, it seems the range value is important.
If the range begin is lower than 1M (1024*1024), it leaks: URL/range_ leak_ec/ obj -H "Range: bytes=1048575- 1048580" ; echo; done
for i in $(seq 1 10); do curl -H "X-Auth-Token: $OS_AUTH_TOKEN" $OS_STORAGE_
If the range begin is greater or equal than 1M, it does not leak: URL/range_ leak_ec/ obj -H "Range: bytes=1048576- 1048580" ; echo; done
for i in $(seq 1 10); do curl -H "X-Auth-Token: $OS_AUTH_TOKEN" $OS_STORAGE_