From f264eb5dd090c0e447c20c06fe857afd2f30ac48 Mon Sep 17 00:00:00 2001
From: Bo <bo@bowild.com>
Date: Fri, 4 Oct 2019 23:42:44 +0300
Subject: [PATCH] docs + credits + misc.

---
 CHANGELOG.md          | 8 ++++++--
 lib/facil/fio.c       | 2 +-
 lib/facil/http/http.c | 4 ++--
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 71b42f88..ed5dca15 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,9 +2,13 @@
 
 ### v. 0.7.3
 
-**Fix**: (`fio`) fixes an issue where timer cleanup wasn't performed after `fio_stop` (or SIGINT/SIGTERM). No a "clean slate" will be provided if `fio_start` is called more then once. Note: this may **break previous behavior**, which should be considered undocumented and unexpected behavior. (this fax **may** be deferred to version 0.8.x, still undecided). Credit to @fbrausse for opening issue #72. 
+**Fix**: (`http`) fixes a security issue in the static file name resolution logic, where a maliciously encoded request could invoke an arbitrary response.
 
-**Fix**: (`fio`) fixes an issue where timer cleanup would be performed after the `AT_EXIT` state callbacks. Now the timer cleanup callbacks will be performed **before** the `AT_EXIT` callback (as they should). (See issue #72).
+**Fix**: (`fio`) fixes an issue where setting a different value to `FIO_SLOWLORIS_LIMIT` was being ignored.
+
+**Fix**: (`fio`, `fiobj`) improved C++ compatibility. Credit to Joey (@joeyhoek) for PR #76.
+
+**Fix**: (`fio`) fixes an issue where timer cleanup wasn't performed after `fio_stop` (or SIGINT/SIGTERM). No a "clean slate" will be provided if `fio_start` is called more then once. Note: this may **break previous behavior**, which should be considered undocumented and unexpected behavior. (this fax **may** be deferred to version 0.8.x, still undecided). Credit to @fbrausse for opening issue #72. 
 
 **Fix**: (`fio`) fixes an issue where timer cleanup would be performed after the `AT_EXIT` state callbacks. Now the timer cleanup callbacks will be performed **before** the `AT_EXIT` callback (as they should). (See issue #72).
 
diff --git a/lib/facil/fio.c b/lib/facil/fio.c
index 8b2862cd..59f0a7ef 100644
--- a/lib/facil/fio.c
+++ b/lib/facil/fio.c
@@ -2970,7 +2970,7 @@ ssize_t fio_flush(intptr_t uuid) {
     goto test_errno;
   }
 
-  if (uuid_data(uuid).packet_count >= 1024 &&
+  if (uuid_data(uuid).packet_count >= FIO_SLOWLORIS_LIMIT &&
       uuid_data(uuid).packet == old_packet &&
       uuid_data(uuid).sent >= old_sent &&
       (uuid_data(uuid).sent - old_sent) < 32768) {
diff --git a/lib/facil/http/http.c b/lib/facil/http/http.c
index b5429f1f..18d7f4ae 100644
--- a/lib/facil/http/http.c
+++ b/lib/facil/http/http.c
@@ -363,9 +363,9 @@ static inline int http_test_encoded_path(const char *mem, size_t len) {
   while (mem < end && (pos = memchr(mem, '/', (size_t)len))) {
     len = end - pos;
     mem = pos + 1;
-    if (len >= 1 && pos[1] == '/')
+    if (pos[1] == '/')
       return -1;
-    if (len > 3 && pos[1] == '.' && pos[2] == '.' && pos[4] == '/')
+    if (len > 3 && pos[1] == '.' && pos[2] == '.' && pos[3] == '/')
       return -1;
   }
   return 0;