added some security features

2025-05-17 03:33:02 +02:00 · 2025-05-17 03:33:02 +02:00 · a123d0a22d
commit a123d0a22d
parent c0e798996b
1 changed files with 15 additions and 0 deletions
--- a/main.cpp
+++ b/main.cpp
@ -126,6 +126,16 @@ std::map<std::string, std::string> parse_headers(const std::vector<std::string>
    return ret;
 }

+std::string filename_sanitation(std::string filename)
+{
+    std::filesystem::path p(filename);
+    std::string ret = p.filename().string();
+    if (ret == "" || ret == "." || ret == "..")
+        return "generic_file.txt";
+
+    return ret;
+}
+
 std::string get_filename(std::string data)
 {
    bool started_quote = false;
@ -139,6 +149,7 @@ std::string get_filename(std::string data)
        else if (started_quote)
            ret.push_back(x);
    }
+    ret = filename_sanitation(ret);
    return ret;
 }

@ -181,6 +192,8 @@ char *search_substring(char *start_data, const char *substring, size_t size)
    return NULL;
 }

+
+
 int main()
 {
    netlib::server_raw server(150000000);
@ -243,6 +256,8 @@ int main()
                                else if (h.contains("Content-Length:"))
                                {
                                    file_size = atoi_newline(h["Content-Length:"].c_str());
+                                    if (file_size > 1000000000) //1GB
+                                        server.disconnect_user(user);
                                }
                                else if (line_str.contains(boundary) && boundary.contains("----"))
                                {