diff --git a/DEPENDENCIES b/DEPENDENCIES index 54193cb8..532b72d5 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES @@ -3,6 +3,6 @@ noa https://github.com/sourcemeta/noa caad2e1ceedf9fd1a18686a6a6d1e2b9757ead75 jsontoolkit https://github.com/sourcemeta/jsontoolkit 2d78929faf0f96110edfb67fa3ddf6916cf35ef7 bearssl https://www.bearssl.org/git/BearSSL 8ef7680081c61b486622f2d983c0d3d21e83caad zlib https://github.com/madler/zlib 51b7f2abdade71cd9bb0e7a373ef2610ec6f9daf -uwebsockets https://github.com/uNetworking/uWebSockets v20.68.0 +uwebsockets https://github.com/uNetworking/uWebSockets v20.69.0 googletest https://github.com/google/googletest 987e225614755fec7253aa95bf959c09e0d380d7 curl https://github.com/curl/curl curl-8_10_1 diff --git a/vendor/uwebsockets/src/HttpParser.h b/vendor/uwebsockets/src/HttpParser.h index cf86cd2b..b94aa33e 100644 --- a/vendor/uwebsockets/src/HttpParser.h +++ b/vendor/uwebsockets/src/HttpParser.h @@ -390,6 +390,7 @@ struct HttpParser { /* We should not accept whitespace between key and colon, so colon must foloow immediately */ if (postPaddedBuffer[0] != ':') { /* Error: invalid chars in field name */ + err = HTTP_ERROR_400_BAD_REQUEST; return 0; } postPaddedBuffer++; @@ -406,6 +407,7 @@ struct HttpParser { continue; } /* Error - invalid chars in field value */ + err = HTTP_ERROR_400_BAD_REQUEST; return 0; } break; @@ -437,6 +439,9 @@ struct HttpParser { return (unsigned int) ((postPaddedBuffer + 2) - start); } else { /* \r\n\r plus non-\n letter is malformed request, or simply out of search space */ + if (postPaddedBuffer != end) { + err = HTTP_ERROR_400_BAD_REQUEST; + } return 0; } }