Hi there,
I am using your SDK proudly and it has many great features. It is really great, but it stops working with a SIGABORT on my linux in
this section of code, when it is pinged by nmap:
http_linux_server.cpp
```
// Get the path - remove the version portion and prefix space
builder.append_path(http_path_and_version.substr(1, http_path_and_version.size() - VersionPortionSize - 1));
```
This is caused, because nmap just opens a connection without sending any valid headers. This is a security flaw that can be used for DOS-attacks.
You should probably check, whether you can use substr before you use it. This crash sometimes appears when using Chrome with ajax request. It would be kind, if you could patch this.
Kind regards
Henrik
Comments: Hernrik, I just pushed the fix in the development branch: https://casablanca.codeplex.com/SourceControl/changeset/9236b1c9f6043724a5947f8cf6bfaaae3c0e11b3 I didn't do any targeted nmap testing, but if you find any other issues, let us know. Will close the issue now.
I am using your SDK proudly and it has many great features. It is really great, but it stops working with a SIGABORT on my linux in
this section of code, when it is pinged by nmap:
http_linux_server.cpp
```
// Get the path - remove the version portion and prefix space
builder.append_path(http_path_and_version.substr(1, http_path_and_version.size() - VersionPortionSize - 1));
```
This is caused, because nmap just opens a connection without sending any valid headers. This is a security flaw that can be used for DOS-attacks.
You should probably check, whether you can use substr before you use it. This crash sometimes appears when using Chrome with ajax request. It would be kind, if you could patch this.
Kind regards
Henrik
Comments: Hernrik, I just pushed the fix in the development branch: https://casablanca.codeplex.com/SourceControl/changeset/9236b1c9f6043724a5947f8cf6bfaaae3c0e11b3 I didn't do any targeted nmap testing, but if you find any other issues, let us know. Will close the issue now.
