Commit Briefs
change struct initialization
makes more explicit which fields we're setting. (and kill an extra empty line)
use memset(3) rather than bzero(3)
There's no difference, but bzero(3) says STANDARDS The bzero() function conforms to the X/Open System Interfaces option of the IEEE Std 1003.1-2004 (“POSIX.1”) specification. It was removed from the standard in IEEE Std 1003.1-2008 (“POSIX.1”), which recommends using memset(3) instead. so here we are.
make sure l is always initialized
I can't think of cases where we reach serialize_iri and path is NULL, but let's keep the safe side and initialize l. gcc 8 found this, clang didn't.
fix IRI-parsing bug
Some particularly crafted IRIs can cause a denial of service (DOS). IRIs which have a trailing `..' segment and resolve to a valid IRI (i.e. a .. that's not escaping the root directory) will make the server process loop forever. This is """just""" an DOS vulnerability, it doesn't expose anything sensitive or give an attacker anything else.
fix various compilation errors
Include gmid.h as first header in every file, as it then includes config.h (that defines _GNU_SOURCE for instance). Fix also a warning about unsigned vs signed const char pointers in openssl.
[iri] accept also : and @
again, to be RFC3986 compliant.
trim initial forward slashes
this parse gemini://example.com///foo into an IRI whose path is "foo". I'm not 100% this is standard-compliant but: 1. it seems a logical consequence of the URI/IRI cleaning algo (where we drop sequential slashes) 2. practically speaking serving file a sequence of forward slashes doesn't really make sense, even in the case of CGI scripts