simon/tiny_httpd
1
0
Fork 0
mirror of https://github.com/c-cube/tiny_httpd.git synced 2026-03-07 21:37:57 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
tiny_httpd/examples
History
Simon Cruanes ba19880d75
Some checks failed
github pages / deploy (push) Has been cancelled
Details
build / build (4.13.x, ubuntu-latest) (push) Has been cancelled
Details
build / build (4.14.x, ubuntu-latest) (push) Has been cancelled
Details
build / build (5.03.x, ubuntu-latest) (push) Has been cancelled
Details
hardening bugfixes 
* fix: use realpath to validate filesystem paths against traversal

- add string_prefix helper to check path containment
- compute root_canonical once per add_vfs_ call
- use realpath only for filesystem (on_fs=true), keeping simple
  contains_dot_dot check for VFS
- paths are already URL-decoded by Route.rest_of_path_urlencoded

* fix: add header size limits to prevent memory exhaustion

add optional limits to Headers.parse_:
- max_headers: 100 (default)
- max_header_size: 16KiB per header (default)
- max_total_size: 256KiB total (default)

returns 431 status code when limits exceeded per RFC 6585.
2026-02-10 19:57:21 -05:00
..
files add a VFS in examples/echo.ml 2022-03-03 22:14:44 -05:00
dune hardening bugfixes 2026-02-10 19:57:21 -05:00
echo.ml hardening bugfixes 2026-02-10 19:57:21 -05:00
echo_ws.ml hardening bugfixes 2026-02-10 19:57:21 -05:00
run_test.sh kill %1 in test is not robust enough 2021-12-11 23:27:35 -10:00
sse_client.ml ocamlformat 2023-05-23 17:40:18 -04:00
sse_demo.html add .html files for SSE and websocket examples 2024-03-12 10:39:50 -04:00
sse_server.ml hardening bugfixes 2026-02-10 19:57:21 -05:00
test_output.txt.expected test: expect test for server-send events (linux only) 2021-07-17 22:10:15 -04:00
writer.ml wip: bugfixes 2024-02-26 16:28:31 -05:00
ws_demo.html add .html files for SSE and websocket examples 2024-03-12 10:39:50 -04:00