Commit Graph

5 Commits

Author SHA1 Message Date
Omar Polo 9d092b607a fix IRI-parsing bug
Some particularly crafted IRIs can cause a denial of service (DOS).
IRIs which have a trailing `..' segment and resolve to a valid IRI
(i.e. a .. that's not escaping the root directory) will make the
server process loop forever.

This is """just""" a DOS vulnerability, it doesn't expose anything
sensitive or give an attacker anything else.
2021-04-12 20:11:47 +00:00
Omar Polo 4125c94fda make sure @ is allowed, and rephrase another test 2021-02-06 13:57:12 +00:00
Omar Polo 8404ec301f don't %-decode the query 2021-02-05 14:31:53 +00:00
Omar Polo e7c7f19c4e more IRI tests
ensure non-encoded and pct-encoded hostnames are parsed correctly
2021-01-29 18:52:36 +00:00
Omar Polo 5c2e310ede brand new regress suite 2021-01-22 16:48:04 +00:00