mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-05-22 21:32:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix important bugs in redbean

Browse source 
This change upgrades to the latest Chromium Zlib, fixes bugs in redbean,
and introduces better support for reverse proxies like Cloudflare. This
change improves the security of redbean and it's recommended that users
upgrade to the release that'll follow. This change also updates the docs
to clarify how to use the security tools redbean provides e.g. pledge(),
unveil(), and the MODE=asan builds which improve memory safety.
This commit is contained in:
Justine Tunney 2022-09-17 01:37:33 -07:00
parent 994e1f4386
commit 775944a2d0
No known key found for this signature in database
GPG key ID: BE714B4575D6E328
42 changed files with 8148 additions and 7298 deletions
Download patch file Download diff file Expand all files Collapse all files

12
net/http/parseforwarded.c
View file

@ -43,16 +43,18 @@ int ParseForwarded(const char *s, size_t n, uint32_t *ip, uint16_t *port) {
if (n == -1) n = s ? strlen(s) : 0;
if (n) {
t = x = i = 0;
if ((r = strrchr(s, ','))) {
if ((r = memrchr(s, ',', n))) {
i = r - s;
if ((s[++i] & 255) == ' ') ++i; // skip optional space
if ((s[++i] & 255) == ' ') ++i; // skip optional space
}
do {
c = s[i++] & 255;
if (isdigit(c)) {
t *= 10;
t += c - '0';
if (t > 255) return -1;
if (t > 255) {
return -1;
}
} else if (c == '.') {
x <<= 8;
x |= t;
@ -72,7 +74,9 @@ int ParseForwarded(const char *s, size_t n, uint32_t *ip, uint16_t *port) {
if (isdigit(c)) {
t *= 10;
t += c - '0';
if (t > 65535) return -1;
if (t > 65535) {
return -1;
}
} else {
return -1;
}