Commits
- Commit: 9d092b607a25f4598557792be5ec35f02c3ae966
- From: Omar Polo <op@omarpolo.com>
- Date:
fix IRI-parsing bug
Some particularly crafted IRIs can cause a denial of service (DOS).
IRIs which have a trailing `..' segment and resolve to a valid IRI
(i.e. a .. that's not escaping the root directory) will make the
server process loop forever.
This is """just""" a DOS vulnerability, it doesn't expose anything
sensitive or give an attacker anything else.
- Commit: 4125c94fda179de8d425ce3fb70972015c80c7a4
- From: Omar Polo <op@omarpolo.com>
- Date:
make sure @ is allowed, and rephrase another test
- Commit: 8404ec301fed4f0bb5a3d1e7b5a2e184a93cc4e5
- From: Omar Polo <op@omarpolo.com>
- Date:
don't %-decode the query
- Commit: e7c7f19c4e46e48d577964f4e020a4feb08b581a
- From: Omar Polo <op@omarpolo.com>
- Date:
more IRI tests
ensure non-encoded and pct-encoded hostnames are parsed correctly
- Commit: 5c2e310edececfc9ef67946c1bf7df6bcdbe8931
- From: Omar Polo <op@omarpolo.com>
- Date:
brand new regress suite