docs + credits + misc.

boazsegev · Oct 4, 2019 · f264eb5 · f264eb5
1 parent 1e0be70
commit f264eb5
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,9 +2,13 @@
 
 ### v. 0.7.3
 
-**Fix**: (`fio`) fixes an issue where timer cleanup wasn't performed after `fio_stop` (or SIGINT/SIGTERM). No a "clean slate" will be provided if `fio_start` is called more then once. Note: this may **break previous behavior**, which should be considered undocumented and unexpected behavior. (this fax **may** be deferred to version 0.8.x, still undecided). Credit to @fbrausse for opening issue #72. 
+**Fix**: (`http`) fixes a security issue in the static file name resolution logic, where a maliciously encoded request could invoke an arbitrary response.
 
-**Fix**: (`fio`) fixes an issue where timer cleanup would be performed after the `AT_EXIT` state callbacks. Now the timer cleanup callbacks will be performed **before** the `AT_EXIT` callback (as they should). (See issue #72).
+**Fix**: (`fio`) fixes an issue where setting a different value to `FIO_SLOWLORIS_LIMIT` was being ignored.
+
+**Fix**: (`fio`, `fiobj`) improved C++ compatibility. Credit to Joey (@joeyhoek) for PR #76.
+
+**Fix**: (`fio`) fixes an issue where timer cleanup wasn't performed after `fio_stop` (or SIGINT/SIGTERM). No a "clean slate" will be provided if `fio_start` is called more then once. Note: this may **break previous behavior**, which should be considered undocumented and unexpected behavior. (this fax **may** be deferred to version 0.8.x, still undecided). Credit to @fbrausse for opening issue #72. 
 
 **Fix**: (`fio`) fixes an issue where timer cleanup would be performed after the `AT_EXIT` state callbacks. Now the timer cleanup callbacks will be performed **before** the `AT_EXIT` callback (as they should). (See issue #72).
 

diff --git a/lib/facil/fio.c b/lib/facil/fio.c
@@ -2970,7 +2970,7 @@ ssize_t fio_flush(intptr_t uuid) {
     goto test_errno;
   }
 
-  if (uuid_data(uuid).packet_count >= 1024 &&
+  if (uuid_data(uuid).packet_count >= FIO_SLOWLORIS_LIMIT &&
       uuid_data(uuid).packet == old_packet &&
       uuid_data(uuid).sent >= old_sent &&
       (uuid_data(uuid).sent - old_sent) < 32768) {

diff --git a/lib/facil/http/http.c b/lib/facil/http/http.c
@@ -363,9 +363,9 @@ static inline int http_test_encoded_path(const char *mem, size_t len) {
   while (mem < end && (pos = memchr(mem, '/', (size_t)len))) {
     len = end - pos;
     mem = pos + 1;
-    if (len >= 1 && pos[1] == '/')
+    if (pos[1] == '/')
       return -1;
-    if (len > 3 && pos[1] == '.' && pos[2] == '.' && pos[4] == '/')
+    if (len > 3 && pos[1] == '.' && pos[2] == '.' && pos[3] == '/')
       return -1;
   }
   return 0;