Thanks to Fabrice Gilot for reporting the problem that led to uncovering this.
Due to a misunderstanding of the return value of snprintf (it is not truncated according
to the max size passed in) in places relying on snprintf to truncate the length
overflows are possible.
This patch wraps snprintf with a new lws_snprintf() which does truncate its length to allow
the buffer limiting scheme to work properly.
All users should update with these fixes.
In 1.7.x, there's no affected code in the library itself, just a couple on instances in the
test app code.
While checking with ab, I found
commit 30cdb3ac8f
Author: Justin Chen <justinchen00@github.invalid.com>
Date: Thu Apr 14 21:40:53 2016 +0800
recv treat zero return as error
https://github.com/warmcat/libwebsockets/issues/475
turned ab performance to crap, reverting it made everything fast again.
recv manpage says there is three ways to get zero returned
1) When a stream socket peer has performed an orderly shutdown, the return value will be 0 (the traditional "end-of-file"
return).
2) Datagram sockets in various domains (e.g., the UNIX and Internet domains) permit zero-length datagrams. When such a
datagram is received, the return value is 0.
3) The value 0 may also be returned if the requested number of bytes to receive from a stream socket was 0.
we can't just assume it means the peer shut down.
If the peer shut down, then the event loop should get an event on the socket like POLLHUP and deal with it that way.
So the patch mentioned above is simply reverted here.
Signed-off-by: Andy Green <andy@warmcat.com>
https://github.com/warmcat/libwebsockets/issues/481
Return 403 Forbidden if we don't end up with a uri path starting with /
Test server already did this, but this makes it built into the
library.
Signed-off-by: Andy Green <andy@warmcat.com>
Add a test html button that will send 9KB of junk to confirm it
https://github.com/warmcat/libwebsockets/issues/480
permessage-deflate now checks the protocol rx buffer size for being
>=128, if not, permessage-deflate is disabled on that connection.
If it is >=128 but less than the zlib decompress buffer size, the
zlib decompress buffer size for that connection is reduced to the
nearest power of two of the protocol rx buf size.
To test this, dumb_increment is left violating the >= 128 rx buffer
size and permessage-deflte can be seen to be disabled on his
connections in the test html.
Signed-off-by: Andy Green <andy@warmcat.com>
