Subject: [PATCH] uri parsing: fix percent interaction with dotdot
https://github.com/warmcat/libwebsockets/issues/481#issuecomment-205863482
- fix inconsistent percent-encoding parsing where dots would sometimes
interact wrongly when non-hex chars follow
/foo/.%xyz now stays as-is instead of swapping . and %
Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
https://github.com/warmcat/libwebsockets/issues/481
Return 403 Forbidden if we don't end up with a uri path starting with /
Test server already did this, but this makes it built into the
library.
Signed-off-by: Andy Green <andy@warmcat.com>
Add a test html button that will send 9KB of junk to confirm it
https://github.com/warmcat/libwebsockets/issues/480
permessage-deflate now checks the protocol rx buffer size for being
>=128, if not, permessage-deflate is disabled on that connection.
If it is >=128 but less than the zlib decompress buffer size, the
zlib decompress buffer size for that connection is reduced to the
nearest power of two of the protocol rx buf size.
To test this, dumb_increment is left violating the >= 128 rx buffer
size and permessage-deflte can be seen to be disabled on his
connections in the test html.
Signed-off-by: Andy Green <andy@warmcat.com>
Fix building libwebsockets with the musl C libary.
<sys/cdefs.h> is an internal glibc header and should be avoided in user code.
__P() was used for compatibility with some old K&R C compilers, when there were
no prototypes (which were introduced to C with C89). As supporting legacy
non-ANSI compilers is nowadays not necessary anymore get rid of the unnecessary
function prototype using __P().
Originally this was alright in wsi->u.hdr, because ah implied header
processing. But since we allowed ah to be held across http
keep-alive transactions if we saw we had more header data, it means
we were trying to read this union member out of scope after it had
transitioned.
Moving the more_rx_waiting member to be a 1-bit bifield in the wsi
solves it and lets us check the state any time later at http
transaction completion.
https://github.com/warmcat/libwebsockets/issues/441
Signed-off-by: Andy Green <andy.green@linaro.org>
We needed it for the BSD symbol to be defined, while __NetBSD__ is defined
with a compiler.
Thanks Andy Green for the initial fix.
Signed-off-by: Kamil Rytarowski <n54@gmx.com>
Using "real" SSL certs requires some init for openssl ECDH
curve. Add a default curve "prime256v1" and allow overriding it
at context creation time.
Signed-off-by: Andy Green <andy.green@linaro.org>
