Bump libweb to 0.3.0
The following commits fix a couple of security issues on libweb. Because of afe0681c0b26bb64bad55d7e86770f346cfa043e, slcl had to be updated to set up its struct http_cfg_post. commit afe0681c0b26bb64bad55d7e86770f346cfa043e Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> Date: Mon Feb 19 23:00:56 2024 +0100 Limit maximum multipart/form-data pairs and files A malicious user could inject an infinite number of empty files or key/value pairs into a request in order to exhaust the device's resources. commit 9d9e0c2979f43297b2ebbf84f14f064f3f9ced0e Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> Date: Mon Feb 19 22:49:09 2024 +0100 html.c: Avoid half-init objects on html_node_add_attr The previous implementation would leave half-initialised objects if one of the calls to strdup(3) failed. Now, n->attrs is only modified when all previous memory allocations were successful.
This commit is contained in:
parent
0f889b409e
commit
f6b84b765d
|
@ -13,7 +13,7 @@ add_executable(${PROJECT_NAME}
|
|||
target_compile_options(${PROJECT_NAME} PRIVATE -Wall)
|
||||
target_compile_definitions(${PROJECT_NAME} PRIVATE _FILE_OFFSET_BITS=64)
|
||||
set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_CURRENT_LIST_DIR}/cmake)
|
||||
find_package(web 0.2.0)
|
||||
find_package(web 0.3.0)
|
||||
|
||||
if(WEB_FOUND)
|
||||
find_package(dynstr 0.1.0)
|
||||
|
|
2
libweb
2
libweb
|
@ -1 +1 @@
|
|||
Subproject commit 6ceae16a20175edb77fb2ffab0d3d6648d011221
|
||||
Subproject commit b4930f72bb9026c5a0871f4fa4cabe20cb0e6a9f
|
Loading…
Reference in New Issue