pegasus/weechat
1
0
Fork 0
mirror of https://github.com/weechat/weechat.git synced 2026-06-25 04:16:38 +02:00
Code Activity
13,383 Commits 38 Branches 229 Tags
4.6
Commit Graph

17 Commits

Author SHA1 Message Date
Sébastien Helleu 398cfc473a relay: limit size of received websocket frame and HTTP body to prevent memory exhaustion 
A relay client could announce a huge websocket frame (or HTTP body via
"Content-Length") and dribble its payload, making WeeChat accumulate it
in a buffer that grew without limit, until all memory was exhausted. The
websocket frame path is reachable before authentication with the
"weechat" and "irc" protocols.

The announced websocket frame length and HTTP "Content-Length" are now
bounded by WEBSOCKET_FRAME_MAX_LENGTH and RELAY_HTTP_BODY_MAX_LENGTH: an
oversized websocket frame closes the connection, and an oversized body is
rejected.
 2026-06-06 14:19:17 +02:00
Sébastien Helleu 547e2b934e core: update copyright dates 2025-02-01 23:13:18 +01:00
Trygve Aaberge 11faf85402 tests: add test for combining request headers 2024-11-24 16:15:35 +01:00
Trygve Aaberge a414fb9da5 tests: add tests for auth via Sec-WebSocket-Protocol 2024-11-24 16:00:25 +01:00
Sébastien Helleu 6908eec160 tests: replace POINTERS_EQUAL by STRCMP_EQUAL in string comparisons with NULL 2024-09-14 10:26:42 +02:00
LuK1337 44238650bc tests: relay: fix relay_http_parse_header function prototype 2024-06-07 12:39:40 +02:00
Sébastien Helleu d05df9ee21 relay: fix allocation and reinit of field "client_context_takeover" in websocket deflate structure 2024-06-01 14:42:55 +02:00
Sébastien Helleu 647ca0c047 tests: remove dead assignments 2024-05-25 19:22:13 +02:00
Sébastien Helleu ba97a39565 relay: remove check of NULL pointers before calling relay_http_response_free() (issue #865) 2024-04-26 21:22:49 +02:00
Sébastien Helleu c2343ecb74 relay: add functions to parse HTTP response (issue #2066) 2024-04-07 13:16:50 +02:00
Sébastien Helleu 24c4029c96 core: remove "wee-" prefix from source files in src/core and src/core/hook 2024-03-12 21:27:37 +01:00
Sébastien Helleu 0f30a4e020 relay: move functions to get URL parameters from api to relay-http.c, add tests 2024-02-18 23:13:20 +01:00
Sébastien Helleu 9b9b36bb02 tests: fix free of HTTP request 2024-02-18 23:12:56 +01:00
Sébastien Helleu 89aeb03a13 relay: remove request from some function arguments (issue #2066) 2024-02-01 21:39:23 +01:00
Sébastien Helleu 83567fd871 relay: allow password hash authentication in api relay, add option relay.network.time_window (issue #2066) 2024-02-01 21:39:23 +01:00
Sébastien Helleu 6cfb31c306 relay: add support of websocket extension "permessage-deflate" (closes #1549) 
This extension is used to compress and decompress websocket frames (using
the DEFLATE algorithm, with zlib).
 2024-02-01 21:38:53 +01:00
Sébastien Helleu 8971fc069a relay: add "api" protocol (HTTP REST API) (issue #2066) 2024-02-01 21:38:49 +01:00