https://github.com/warmcat/libwebsockets/issues/706
This fixes a problem where the check for the existing pw was
skipped when a logged-in user is changing his password.
It's not good but because the user has to be logged in, it only affected
the situation someone changes his password on his logged in session.
From linux ipv6(7) manual (section `Note`):
SOL_IP, SOL_IPV6, SOL_ICMPV6 and other SOL_* socket options are
nonportable variants of IPPROTO_*. See also ip(7).
Ref: http://man7.org/linux/man-pages/man7/ipv6.7.html
Some people are calling service with zero timeout, taking care of
not busywaiting by some other external arrangements.
Adapt the forced service signalling to survive this.
Lws cares about trailing \n on a lot of these tests now. Make it check it still cares on one and remove
the trailing \n on the others.
There's 2 changes in the results about /..//?, it seems to apply / to uri arg 1. But it doesn't seem
to make a problem so just adapt the results for now.
There are two kinds of reaason to call lws_header_table_reset(), one is we are reallocating
a destroyed ah to another wsi, and the other is we are moving to the next pipelined header set
still on the same wsi, and we need a "weaker" reset that only clears down the state related
to the header parsing, not everything about the ah context including the ah rx buffer.
This patch moves the ah rxbuffer rxpos and rxlen resetting out of lws_header_table_reset() and to
be the responsibility of the caller. Callers who are moving the ah to another wsi are
patched to deal with resetting rxpos and rxlen and lws_http_transaction_completed() who only
resets the ah when moving to the next pipelined headers, no longer wrongly clears the ah rxbuf.
https://github.com/warmcat/libwebsockets/issues/638
Thanks to Fabrice Gilot for reporting the problem that led to uncovering this.
Due to a misunderstanding of the return value of snprintf (it is not truncated according
to the max size passed in) in several places relying on snprintf to truncate the length
overflows are possible.
This patch wraps snprintf with a new lws_snprintf() which does truncate its length to allow
the buffer limiting scheme to work properly.
All users should update with these fixes.
