
ipv6 loopback sets insecure, opus improvements#3768

Merged: awick merged 2 commits into main from opus-improvements-11 on Mar 4, 2026


@awick awick commented Mar 4, 2026

Contributor
  • config.c — Redis config: add upper bound (10MB) on response length + malloc failure check
  • db.c — Fix uint16_t → int for path length comparison; check statvfs() return value and handle f_blocks == 0 to avoid divide-by-zero
  • parsers/quic.c — Prevent buffer overflow: clamp memcpy length to sizeof(buffer)
  • reader-scheme.c — Prevent undefined behavior: clamp pcapng timestamp resolution bit shift to max 63
  • thirdparty/patricia.c/.h — Remove unused prefix_toa/prefix_toa2/prefix_toa2x functions (dead code with thread-safety issues)
  • arkimeCache.js — Fix require path ../common/arkimeUtil → ./arkimeUtil
  • arkimeConfig.js — Fix JSON.stringify replacer false → null; add IPv6 [::1] to isInsecure()
  • arkimeUtil.js — Fix expressErrorHandler: add headersSent guard, remove erroneous next() after res.send()
  • auth.js — Add MD5/RFC 2617 documentation nosemgrep annotation on pass2ha1()
  • notifier.js — Add missing .catch() on searchNotifiers promise chain
  • user.js — Use rolesQ copy instead of this.roles in expandFromRoles loop
  • api-buildquery.t — Add 3 test cases for :: (all-zeros IPv6) IP search expressions

License

I confirm that this contribution is made under an Apache 2.0 license and that I have the authority necessary to make this contribution on behalf of its copyright owner.

awick and others added 2 commits March 4, 2026 08:56
   * config.c — Redis config: add upper bound (10MB) on response length + malloc failure check
   * db.c — Fix uint16_t → int for path length comparison; check statvfs() return value and handle f_blocks == 0 to avoid divide-by-zero
   * parsers/quic.c — Prevent buffer overflow: clamp memcpy length to sizeof(buffer)
   * reader-scheme.c — Prevent undefined behavior: clamp pcapng timestamp resolution bit shift to max 63
   * thirdparty/patricia.c/.h — Remove unused prefix_toa/prefix_toa2/prefix_toa2x functions (dead code with thread-safety issues)
   * arkimeCache.js — Fix require path ../common/arkimeUtil → ./arkimeUtil
   * arkimeConfig.js — Fix JSON.stringify replacer false → null; add IPv6 [::1] to isInsecure()
   * arkimeUtil.js — Fix expressErrorHandler: add headersSent guard, remove erroneous next() after res.send()
   * auth.js — Add MD5/RFC 2617 documentation nosemgrep annotation on pass2ha1()
   * notifier.js — Add missing .catch() on searchNotifiers promise chain
   * user.js — Use rolesQ copy instead of this.roles in expandFromRoles loop
   * api-buildquery.t — Add 3 test cases for :: (all-zeros IPv6) IP search expressions

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@awick awick merged commit 179b9db into main Mar 4, 2026
29 of 30 checks passed
@awick awick deleted the opus-improvements-11 branch March 4, 2026 15:07
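
The shift clamp listed for reader-scheme.c, as an added example that is not Arkime's code: in pcapng the `if_tsresol` option byte selects a power-of-2 timestamp resolution when its high bit is set, with the low 7 bits as the exponent, so a capture file can ask for a shift of up to 127, and shifting a 64-bit value by 64 or more is undefined behavior in C. The function name is hypothetical, and the example goes beyond the shift case by also saturating the power-of-10 form.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not from Arkime): convert a pcapng if_tsresol option
 * byte into timestamp units per second.
 *   high bit clear: units are 10^-n seconds, n = low 7 bits
 *   high bit set:   units are 2^-n seconds,  n = low 7 bits
 * n comes straight from the capture file, so it is untrusted input. */
uint64_t tsresol_units_per_sec(uint8_t tsresol)
{
    unsigned n = tsresol & 0x7f;

    if (tsresol & 0x80) {
        /* Shifting a 64-bit value by >= 64 is undefined behavior; clamp. */
        if (n > 63)
            n = 63;
        return 1ULL << n;
    }

    /* Decimal case: 10^19 is the largest power of ten that fits in 64 bits. */
    if (n > 19)
        n = 19;
    uint64_t units = 1;
    for (unsigned i = 0; i < n; i++)
        units *= 10;
    return units;
}

int main(void)
{
    /* Constructed option bytes: default microseconds, nanoseconds,
     * a valid binary resolution, and two out-of-range values. */
    const uint8_t samples[] = { 6, 9, 0x80 | 10, 0x80 | 127, 0x7f };
    for (size_t i = 0; i < sizeof(samples); i++)
        printf("if_tsresol=0x%02x -> %llu units/sec\n", samples[i],
               (unsigned long long)tsresol_units_per_sec(samples[i]));
    return 0;
}
```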