simon/tiny_httpd
1
0
Fork 0
mirror of https://github.com/c-cube/tiny_httpd.git synced 2026-03-07 21:37:57 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
tiny_httpd/.github/workflows
History
Simon Cruanes ba19880d75
Some checks failed
github pages / deploy (push) Has been cancelled
Details
build / build (4.13.x, ubuntu-latest) (push) Has been cancelled
Details
build / build (4.14.x, ubuntu-latest) (push) Has been cancelled
Details
build / build (5.03.x, ubuntu-latest) (push) Has been cancelled
Details
hardening bugfixes 
* fix: use realpath to validate filesystem paths against traversal

- add string_prefix helper to check path containment
- compute root_canonical once per add_vfs_ call
- use realpath only for filesystem (on_fs=true), keeping simple
  contains_dot_dot check for VFS
- paths are already URL-decoded by Route.rest_of_path_urlencoded

* fix: add header size limits to prevent memory exhaustion

add optional limits to Headers.parse_:
- max_headers: 100 (default)
- max_header_size: 16KiB per header (default)
- max_total_size: 256KiB total (default)

returns 431 status code when limits exceeded per RFC 6585.
2026-02-10 19:57:21 -05:00
..
format.yml hardening bugfixes 2026-02-10 19:57:21 -05:00
gh-pages.yml fix CI 2025-01-29 22:29:38 -05:00
main.yml hardening bugfixes 2026-02-10 19:57:21 -05:00