d74993a42c
relay: limit size of partial message received while reading an HTTP request to prevent memory exhaustion
...
A relay client could send data with no end-of-line (an unterminated method
or header line) and dribble its payload, making WeeChat accumulate it in the
partial message buffer that grew without limit, until all memory was
exhausted. This path is reachable before authentication during websocket
initialization with the "weechat" and "irc" protocols.
The accumulated partial message is now bounded by
RELAY_HTTP_PARTIAL_MESSAGE_MAX_LENGTH: once the limit is reached, the extra
data is ignored.
2026-06-06 09:36:22 +02:00
3687ce0f0f
relay: limit size of received websocket frame and HTTP body to prevent memory exhaustion
...
A relay client could announce a huge websocket frame (or HTTP body via
"Content-Length") and dribble its payload, making WeeChat accumulate it
in a buffer that grew without limit, until all memory was exhausted. The
websocket frame path is reachable before authentication with the
"weechat" and "irc" protocols.
The announced websocket frame length and HTTP "Content-Length" are now
bounded by WEBSOCKET_FRAME_MAX_LENGTH and RELAY_HTTP_BODY_MAX_LENGTH: an
oversized websocket frame closes the connection, and an oversized body is
rejected.
2026-06-01 21:56:34 +02:00
f53e7fb9ef
core, plugins: fix typos in comments on functions, use imperative
2026-03-23 20:45:36 +01:00
106fe6ca7c
core: update copyright dates
2026-03-08 10:37:15 +01:00
93d73d234f
relay/api: consider boolean/long query string parameters as invalid if they are empty
2025-10-26 18:12:02 +01:00
d05b83d03f
relay/api: return an error 401 when header "x-weechat-totp" is received with empty value
2025-10-26 10:11:10 +01:00
0009732f78
relay/api: return an error 401 when header "x-weechat-totp" has an invalid value
2025-10-26 09:19:43 +01:00
e637e0de1c
relay/api: return an error 400 when URL parameters "nicks", "lines" and "lines_free" have an invalid value
2025-10-26 08:07:23 +01:00
a1cbe63a42
tests: move CMake file, main C++/headers for tests and scripts to unit directory
2025-05-05 13:18:34 +02:00
2475f20cb7
all: move description of C files below the copyright and license
2025-03-31 11:47:49 +02:00
3a6ac9ee76
all: add SPDX license tag
2025-03-31 07:49:26 +02:00
d8987a1678
all: replace Copyright lines by SPDX copyright tag
2025-03-30 14:47:12 +02:00
547e2b934e
core: update copyright dates
2025-02-01 23:13:18 +01:00
11faf85402
tests: add test for combining request headers
2024-11-24 16:15:35 +01:00
a414fb9da5
tests: add tests for auth via Sec-WebSocket-Protocol
2024-11-24 16:00:25 +01:00
6908eec160
tests: replace POINTERS_EQUAL by STRCMP_EQUAL in string comparisons with NULL
2024-09-14 10:26:42 +02:00
44238650bc
tests: relay: fix relay_http_parse_header function prototype
2024-06-07 12:39:40 +02:00
d05df9ee21
relay: fix allocation and reinit of field "client_context_takeover" in websocket deflate structure
2024-06-01 14:42:55 +02:00
647ca0c047
tests: remove dead assignments
2024-05-25 19:22:13 +02:00
ba97a39565
relay: remove check of NULL pointers before calling relay_http_response_free() (issue #865 )
2024-04-26 21:22:49 +02:00
c2343ecb74
relay: add functions to parse HTTP response (issue #2066 )
2024-04-07 13:16:50 +02:00
24c4029c96
core: remove "wee-" prefix from source files in src/core and src/core/hook
2024-03-12 21:27:37 +01:00
0f30a4e020
relay: move functions to get URL parameters from api to relay-http.c, add tests
2024-02-18 23:13:20 +01:00
9b9b36bb02
tests: fix free of HTTP request
2024-02-18 23:12:56 +01:00
89aeb03a13
relay: remove request from some function arguments (issue #2066 )
2024-02-01 21:39:23 +01:00
83567fd871
relay: allow password hash authentication in api relay, add option relay.network.time_window (issue #2066 )
2024-02-01 21:39:23 +01:00
6cfb31c306
relay: add support of websocket extension "permessage-deflate" ( closes #1549 )
...
This extension is used to compress and decompress websocket frames (using
the DEFLATE algorithm, with zlib).
2024-02-01 21:38:53 +01:00
8971fc069a
relay: add "api" protocol (HTTP REST API) (issue #2066 )
2024-02-01 21:38:49 +01:00
Sébastien Helleu