rdelaage
/
gmid
mirror of https://github.com/omar-polo/gmid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,359 Commits 4 Branches 28 Tags 5.4 MiB
Commit Graph

8 Commits

Author SHA1 Message Date
Omar Polo a555e0d67b copyright years 2022-07-04 09:48:39 +00:00
Omar Polo 617ae38546 add some more regress for the encodings 2022-07-04 09:36:55 +00:00
Omar Polo 5e41063f1b bugfix: allow @ and : in paths 
gmid would disallow the '@' and ':' characters in paths (unless
percent-encoded.)  Issue reported by freezr.
 2022-07-04 08:15:39 +00:00
Omar Polo 9d092b607a fix IRI-parsing bug 
Some particularly crafted IRIs can cause a denial of service (DOS).
IRIs which have a trailing `..' segment and resolve to a valid IRI
(i.e. a .. that's not escaping the root directory) will make the
server process loop forever.

This is """just""" an DOS vulnerability, it doesn't expose anything
sensitive or give an attacker anything else.
 2021-04-12 20:11:47 +00:00
Omar Polo 4125c94fda make sure @ is allowed, and rephrase another test 2021-02-06 13:57:12 +00:00
Omar Polo 8404ec301f don't %-decode the query 2021-02-05 14:31:53 +00:00
Omar Polo e7c7f19c4e more IRI tests 
ensure non-encoded and pct-encoded hostnames are parsed correctly
 2021-01-29 18:52:36 +00:00
Omar Polo 5c2e310ede brand new regress suite 2021-01-22 16:48:04 +00:00