xavi/slcl/main.c, branch css

main.c: Improve relative path detection

2024-02-20T20:24:17+00:00

Otherwise, the following resources would be considered valid: - /user/../test - /user/./test - /user/a/. - /user/a/./test

main.c: Reject invalid /public/ requests

2024-02-20T07:18:11+00:00

Otherwise: - slcl would accept /public/ (i.e., without a file name) as a valid resource. This would incorrectly map the public/ directory on the database, making slcl to return -1 because public/ is not a regular file. - slcl would accept directory names (e.g.: /public/dir/), which is never expected since slcl stores all public files into a single directory.

main.c: Force valid cookie on check_length

2024-02-19T23:17:40+00:00

Otherwise, a malicious user could send multipart/form-data requests without a valid cookie.

main.c: const-qualify name and dir

2024-02-19T22:35:08+00:00

There was no reason why these should not be const-qualified. It was probably missed during the implementation.

main.c: URL-encode created directories

2024-02-19T22:35:08+00:00

Otherwise, directories with special characters, such as "%", would not be accessible when performing the redirection.

main.c: Use fstat(2) on move_file

2024-02-19T22:35:08+00:00

This allows to reuse the same file descriptor to both open(2) and fstat(2) the file.

Bump libweb to 0.3.0

2024-02-19T22:35:08+00:00

The following commits fix a couple of security issues on libweb. Because of afe0681c0b26bb64bad55d7e86770f346cfa043e, slcl had to be updated to set up its struct http_cfg_post. commit afe0681c0b26bb64bad55d7e86770f346cfa043e Author: Xavier Del Campo Romero Date: Mon Feb 19 23:00:56 2024 +0100 Limit maximum multipart/form-data pairs and files A malicious user could inject an infinite number of empty files or key/value pairs into a request in order to exhaust the device's resources. commit 9d9e0c2979f43297b2ebbf84f14f064f3f9ced0e Author: Xavier Del Campo Romero Date: Mon Feb 19 22:49:09 2024 +0100 html.c: Avoid half-init objects on html_node_add_attr The previous implementation would leave half-initialised objects if one of the calls to strdup(3) failed. Now, n->attrs is only modified when all previous memory allocations were successful.

main.c: Add missing relative path check

2024-02-19T15:59:54+00:00

Upgrade to new libweb interface

2023-11-22T23:06:09+00:00

Recent commits from libweb brought a few breaking changes. The one below affected slcl, so it had to be updated according to the new interface: commit 98f5f52461b0c1ab1ee3331722bd32e2db9e1d41 Author: Xavier Del Campo Date: Thu Nov 16 12:23:08 2023 +0100 Split handler_loop from handler_listen Some applications might set up a struct handler object to listen on any port i.e., 0, but still need a way to determine which port number was eventually selected by the implementation. Therefore, handler_listen has been reduced to the server initialization bit, whereas the main loop has been split into its own function, namely handler_loop. Because of these changes, it no longer made sense for libweb to write the selected port to standard output, as this is something now applications can do on their own.

main.c: Treat non-existing upload dir as non-fatal

2023-11-22T23:01:41+00:00

When a user attempts to upload a file into a non-existing directory, slcl would not check whether the directory exists. Then, rename(3) would fail and slcl would treat this as a fatal error, effectively closing itself. Since this is an example of ill-formed user input, it must be treated as a non-fatal error, and instead slcl should return a bad request page.