simon/tiny_httpd
1
0
Fork 0
mirror of https://github.com/c-cube/tiny_httpd.git synced 2026-03-07 21:37:57 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
574 commits 20 branches 20 tags 11 MiB
Commit graph

7 commits

Author SHA1 Message Date
Simon Cruanes
ba19880d75
hardening bugfixes
Some checks failed
github pages / deploy (push) Has been cancelled
Details
build / build (4.13.x, ubuntu-latest) (push) Has been cancelled
Details
build / build (4.14.x, ubuntu-latest) (push) Has been cancelled
Details
build / build (5.03.x, ubuntu-latest) (push) Has been cancelled
Details 
* fix: use realpath to validate filesystem paths against traversal

- add string_prefix helper to check path containment
- compute root_canonical once per add_vfs_ call
- use realpath only for filesystem (on_fs=true), keeping simple
  contains_dot_dot check for VFS
- paths are already URL-decoded by Route.rest_of_path_urlencoded

* fix: add header size limits to prevent memory exhaustion

add optional limits to Headers.parse_:
- max_headers: 100 (default)
- max_header_size: 16KiB per header (default)
- max_total_size: 256KiB total (default)

returns 431 status code when limits exceeded per RFC 6585.
 2026-02-10 19:57:21 -05:00
Simon Cruanes
f6daff24c0
prepare for 0.18 2025-04-18 09:37:27 -04:00
Simon Cruanes
7028fec2a0
feat response: add pp_with; have pp hide set-cookie headers 
we don't want to accidentally log cookies, they might contain
credentials or secret tokens.
 2024-09-27 15:26:20 -04:00
Simon Cruanes
9eb3cbfc70
prepare for 0.17 2024-06-20 15:23:51 -04:00
Simon Cruanes
7de89bd555
expose Response.Bad_req 2024-02-28 16:11:16 -05:00
Simon Cruanes
adf4c6815f
finish refactor 2024-02-26 15:48:10 -05:00
Simon Cruanes
5f321774e1
wip: use Iostream for IOs; add hmap to request; refactor 2024-02-26 13:41:55 -05:00