Commit graph

11 commits

Author SHA1 Message Date
Andy Green
1788dc5558 boilerplate: add back missing Lesser that cut-and-pasted itself around 2017-04-06 23:14:03 +08:00
Andy Green
0b7ca30ed1 gcc- format strings: debug and extra plugins 2017-02-05 22:32:07 +08:00
Andy Green
384ee53a36 lwsgt: fix check against forgot password flow defeating existing pw check
https://github.com/warmcat/libwebsockets/issues/706

This fixes a problem where the check for the existing pw was
skipped when a logged-in user is changing his password.

It's not good but because the user has to be logged in, it only affected
the situation someone changes his password on his logged in session.
2016-12-10 09:13:08 +08:00
Andy Green
a496700b3a lws_snprintf
Thanks to Fabrice Gilot for reporting the problem that led to uncovering this.

Due to a misunderstanding of the return value of snprintf (it is not truncated according
to the max size passed in) in several places relying on snprintf to truncate the length
overflows are possible.

This patch wraps snprintf with a new lws_snprintf() which does truncate its length to allow
the buffer limiting scheme to work properly.

All users should update with these fixes.
2016-09-15 02:22:57 +08:00
Andy Green
72502e86f5 coverity 169276-9 - false positive assuming 8b char: char limits index size 2016-08-28 09:49:30 +08:00
Andy Green
e0212b8c85 coverity 169275 - lwsgt check string bounds 2016-08-28 09:44:15 +08:00
Andy Green
16f3e4cacf coverity 169267 - lwsgt strncpy may fill buffer without NUL 2016-08-28 09:10:40 +08:00
Andy Green
e35d91a860 per-vhost headers and lwsws conf support
This l;ets you add per-vhost arbitrary headers on served files, eg

     "headers": [{
        "X-Content-Type-Options": "nosniff",
        "X-XSS-Protection": "1; mode=block",
        "x-frame-options": "SAMEORIGIN"
        }],
2016-08-27 17:07:06 +08:00
Andy Green
2671b7469a plugins-dim-webpage-when-connection-lost 2016-07-14 08:57:28 +08:00
Andy Green
4e75ae3b4e protocol-lws-messageboard
This is a simple messageboard built on top of lwsgs

Signed-off-by: Andy Green <andy@warmcat.com>
2016-06-28 14:51:44 +08:00
Andy Green
7a2fc442b6 protocol generic sessions
Signed-off-by: Andy Green <andy@warmcat.com>
2016-06-18 06:44:31 +08:00