sthttpd
sthttpd copied to clipboard
blueness
A fork of Jef Poskanzer's popular thttpd.
When building sthttpd with ASAN (`-fsanitize=address`) I noticed a number of crashes with trivial requests such as the following: ``` GET //../HTTP/1.1\r\n\r\n ``` The problem is most visible on systems...
The header X-Forwarded-For may contain an ipv4 address for an ipv6 connection, and vice versa more details https://blog.steve.fi/ipv6_and_thttpd.html ~~~ --- src/libhttpd.c +++ src/libhttpd.c.new @@ -2207,7 +2204,10 @@ { // Use...
TCP Fast Open (TFO) is an extension to speed up the opening of successive Transmission Control Protocol (TCP) connections between two endpoints. It works by using a TFO cookie (a...
I found the problem in the function fdwatch_get_nfiles which return 1048576 : thttpd.c: max_connects = fdwatch_get_nfiles(); . /* Initialize our connections table. */ connects = NEW( connecttab, max_connects ); Before...
What this patch does is it includes a policy for AppArmor (inside a new `dist/apparmor` subfolder, which might not be correct) and it lets the process drop its privileges before...
See line 34. You tried to do command substitution but you accidentally typed two "`"s. I fixed. Also sorry for changing encoding from ISO-8859-1 to UTF-8; I edited from GitHub...
This enforces using sigset() API which needs _GNU_SOURCE macro to be defined Signed-off-by: Khem Raj
In https://github.com/blueness/sthttpd/blob/master/extras/htpasswd.c#L100 the use of the `gets` function could pose a security risk as it does not check the size of the buffer that is read in. This could be...
