docs + credits + misc.

boazsegev · boazsegev · commit f264eb5dd090 · 2019-10-04T23:42:44.000+03:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,9 +2,13 @@
 
 ### v. 0.7.3
 
-**Fix**: (`fio`) fixes an issue where timer cleanup wasn't performed after `fio_stop` (or SIGINT/SIGTERM). No a "clean slate" will be provided if `fio_start` is called more then once. Note: this may **break previous behavior**, which should be considered undocumented and unexpected behavior. (this fax **may** be deferred to version 0.8.x, still undecided). Credit to @fbrausse for opening issue #72. 
+**Fix**: (`http`) fixes a security issue in the static file name resolution logic, where a maliciously encoded request could invoke an arbitrary response.
 
-**Fix**: (`fio`) fixes an issue where timer cleanup would be performed after the `AT_EXIT` state callbacks. Now the timer cleanup callbacks will be performed **before** the `AT_EXIT` callback (as they should). (See issue #72).
+**Fix**: (`fio`) fixes an issue where setting a different value to `FIO_SLOWLORIS_LIMIT` was being ignored.
+
+**Fix**: (`fio`, `fiobj`) improved C++ compatibility. Credit to Joey (@joeyhoek) for PR #76.
+
+**Fix**: (`fio`) fixes an issue where timer cleanup wasn't performed after `fio_stop` (or SIGINT/SIGTERM). No a "clean slate" will be provided if `fio_start` is called more then once. Note: this may **break previous behavior**, which should be considered undocumented and unexpected behavior. (this fax **may** be deferred to version 0.8.x, still undecided). Credit to @fbrausse for opening issue #72. 
 
 **Fix**: (`fio`) fixes an issue where timer cleanup would be performed after the `AT_EXIT` state callbacks. Now the timer cleanup callbacks will be performed **before** the `AT_EXIT` callback (as they should). (See issue #72).
 
diff --git a/lib/facil/fio.c b/lib/facil/fio.c
@@ -2970,7 +2970,7 @@ ssize_t fio_flush(intptr_t uuid) {
     goto test_errno;
   }
 
-  if (uuid_data(uuid).packet_count >= 1024 &&
+  if (uuid_data(uuid).packet_count >= FIO_SLOWLORIS_LIMIT &&
       uuid_data(uuid).packet == old_packet &&
       uuid_data(uuid).sent >= old_sent &&
       (uuid_data(uuid).sent - old_sent) < 32768) {
diff --git a/lib/facil/http/http.c b/lib/facil/http/http.c
@@ -363,9 +363,9 @@ static inline int http_test_encoded_path(const char *mem, size_t len) {
   while (mem < end && (pos = memchr(mem, '/', (size_t)len))) {
     len = end - pos;
     mem = pos + 1;
-    if (len >= 1 && pos[1] == '/')
+    if (pos[1] == '/')
       return -1;
-    if (len > 3 && pos[1] == '.' && pos[2] == '.' && pos[4] == '/')
+    if (len > 3 && pos[1] == '.' && pos[2] == '.' && pos[3] == '/')
       return -1;
   }
   return 0;

Original file line number	Diff line number	Diff line change
`@@ -2970,7 +2970,7 @@ ssize_t fio_flush(intptr_t uuid) {`
`2970`	`2970`	`goto test_errno;`
`2971`	`2971`	`}`
`2972`	`2972`
`2973`		`- if (uuid_data(uuid).packet_count >= 1024 &&`
	`2973`	`+ if (uuid_data(uuid).packet_count >= FIO_SLOWLORIS_LIMIT &&`
`2974`	`2974`	`uuid_data(uuid).packet == old_packet &&`
`2975`	`2975`	`uuid_data(uuid).sent >= old_sent &&`
`2976`	`2976`	`(uuid_data(uuid).sent - old_sent) < 32768) {`