lib: monkey: upgrade to v1.8.8

Signed-off-by: Eduardo Silva <eduardo@chronosphere.io>

Author: edsiper

lib/monkey/AGENTS.md

@@ -0,0 +1,184 @@
+# AGENTS
+
+This file is the local operating guide for agents working in this repository.
+It focuses on two things:
+
+- how the Monkey source tree is organized
+- how commits are written in the existing Git history
+
+## Repository map
+
+Monkey is a small HTTP server written in C. The tree is split by subsystem.
+
+- `mk_core/`
+  Core utilities used by the server and plugins.
+  Includes memory helpers, strings, files, thread helpers, event loops,
+  I/O vectors, config parsing, and generic utilities.
+
+- `mk_server/`
+  The HTTP server implementation.
+  This is where connection handling, request parsing, header generation,
+  virtual hosts, MIME resolution, scheduler integration, streams, plugins,
+  and server lifecycle live.
+
+- `mk_bin/`
+  The standalone `monkey` executable entrypoints and signal handling.
+
+- `include/monkey/`
+  Public and internal headers for the core, server, parser, plugins,
+  config, events, streams, and API types.
+
+- `plugins/`
+  Optional server features.
+  Examples in this tree include `liana`, `mandril`, `dirlisting`, `cgi`,
+  `fastcgi`, `auth`, `logger`, `tls`, and `cheetah`.
+
+- `api/`
+  Small API-focused programs and tests.
+
+- `test/`
+  Native unit/integration-style test targets used by CMake.
+
+- `fuzz/`
+  Fuzzing entrypoints and helpers for parser and request handling.
+
+- `conf/`
+  Config templates installed or copied at build/install time.
+
+- `htdocs/`
+  Default static site content used by the standalone server.
+
+- `cmake/`
+  CMake helper modules and build logic.
+
+- `deps/`
+  Bundled third-party dependencies such as regex, rbtree, libco,
+  and mbedtls sources.
+
+- `qa/`
+  Extra request fixtures and local QA artifacts.
+
+## Main runtime flow
+
+When debugging behavior, the usual path is:
+
+1. `mk_bin/monkey.c`
+   Starts the binary.
+2. `mk_server/monkey.c`, `mk_server/mk_server.c`
+   Initializes the server and worker threads.
+3. `mk_server/mk_scheduler.c`
+   Drives socket events into protocol handlers.
+4. `mk_server/mk_http.c`
+   Owns HTTP session lifecycle, request preparation, response handling,
+   range parsing, file serving, keepalive, and teardown.
+5. `mk_server/mk_http_parser.c`
+   Parses the request line, headers, body state, and chunked transfer coding.
+6. `mk_server/mk_header.c`, `mk_server/mk_stream.c`
+   Build and send responses.
+
+Useful supporting code:
+
+- `mk_server/mk_vhost.c`
+  Virtual host lookup, per-vhost file descriptor table.
+- `mk_server/mk_mimetype.c`
+  File extension to MIME mapping.
+- `mk_server/mk_user.c`
+  `~user` URI handling.
+- `mk_server/mk_plugin.c`
+  Plugin registration and API exposure.
+- `mk_core/mk_event_*.c`
+  Backend-specific event loop implementations.
+
+## Build and verification
+
+Typical local build entrypoint:
+
+```bash
+cmake --build build
+```
+
+If a fresh build tree is needed, inspect `CMakeLists.txt` and the generated
+`build/` layout before changing build flags. The project currently requires
+CMake 3.20 and produces `build/bin/monkey`.
+
+## Commit style used in this repository
+
+Follow the existing Git history, not the older wording in `CONTRIBUTING.md`.
+
+### Subject format
+
+Use a short, lowercase, scope-prefixed subject. The common patterns are:
+
+- `build: bump to v1.8.7`
+- `server: clean thread destroy on worker loop exit`
+- `server: http: move initialization of request headers to request init`
+- `core: event: Plug descriptor leaks in an error case.`
+- `parser: fixed header loss issue caused by duplicated headers`
+- `logger: set log file permissions to 0600, closes CVE-2013-1771 (#413)`
+
+### Prefix rules
+
+Pick the narrowest stable prefix that matches the area being changed.
+
+- `build:` for version bumps, CMake, workflows, packaging
+- `core:` for `mk_core/` functionality
+- `server:` for `mk_server/` functionality
+- `server: http:` for `mk_server/mk_http.c` and closely related request flow
+- `server: parser:` or `server: http_parser:` for parser-specific work
+- `plugin:` or a plugin-specific prefix when the change is isolated there
+- `test:` for tests
+- `logger:`, `scheduler:`, `mimetype:`, `config:` when the change is clearly
+  isolated to that subsystem and history already uses that style
+- backend-specific prefixes like `mk_event_kqueue:` are acceptable when the
+  change is narrow and entirely local to that backend
+
+### Subject style rules
+
+- keep it concise
+- prefer lowercase after the prefix
+- use colon-separated scopes, not bracket tags
+- do not invent long marketing titles
+- keep the subject under 80 characters
+- match existing nouns already used in history where possible
+
+Good examples for this tree:
+
+- `server: http: reject malformed range delimiters`
+- `server: http: avoid reusing invalid request state`
+- `server: parser: validate chunk length tokens strictly`
+- `core: memory: handle null mk_ptr_to_buf input`
+
+Bad examples for this tree:
+
+- `Fix CVEs`
+- `Monkey: important security fixes`
+- `HTTP: Add Various Improvements`
+- `misc: cleanup`
+
+## Commit body rules
+
+The older contribution guide still applies well here.
+
+- include a body for non-trivial changes
+- wrap body lines at about 80 columns
+- explain the bug, the fix, and any verification done
+- if the change is security-related, describe the faulty path precisely
+- if multiple root causes exist, prefer separate commits
+
+When I am asked to commit in this repository, default behavior should be:
+
+1. split unrelated changes into separate commits
+2. choose the narrowest prefix from the existing history
+3. write a short lowercase subject
+4. add a body for anything beyond trivial cleanup
+5. use `git commit -s` unless the user explicitly asks otherwise
+
+## Working rules for this repository
+
+- Do not touch unrelated untracked files in the worktree.
+- Be careful around parser and request lifecycle code. Many bugs surface later
+  in teardown, not at the first invalid input.
+- Prefer minimal targeted fixes over broad refactors unless requested.
+- When a bug crosses files, still group the commit by root cause, not by file.
+- For security fixes, verify behavior on the built binary, not only by code
+  inspection.

lib/monkey/CMakeLists.txt

@@ -23,7 +23,7 @@ endif()
 # Monkey Version
 set(MK_VERSION_MAJOR  1)
 set(MK_VERSION_MINOR  8)
-set(MK_VERSION_PATCH  6)
+set(MK_VERSION_PATCH  8)
 set(MK_VERSION_STR "${MK_VERSION_MAJOR}.${MK_VERSION_MINOR}.${MK_VERSION_PATCH}")
 
 # Output paths

lib/monkey/CONTRIBUTING.md

@@ -21,8 +21,10 @@ You have to pay attention to the code indentation, tabs are 4 spaces, spaces on
 
 When you commit your local changes in your repository (before to push to Github), we need you take care of the following:
 
- - Your principal commit message (one line subject) must be prefixed with the core section name, e.g: If you are adding a new but missing protocol feature it could be __HTTP: add new XYZ method__.
+ - Your principal commit message (one line subject) must be prefixed with the affected area name. Follow the style used in the existing history, e.g: `build: ...`, `core: ...`, `server: ...`, `server: http: ...`, `server: parser: ...`.
  - The Subject of the commit must not be longer than 80 characters.
+ - Keep the subject short and prefer lowercase wording after the prefix.
+ - Use the narrowest practical scope prefix for the change.
  - On the commit body, each line should not be longer than 80 characters.
  - On most of cases we want full description about what your patch is doing, the patch description should be self descriptive.. like for dummies. Do not assume everybody knows what you are doing and on each like do not exceed 80 characters.
  - When running the __git commit__ command, make sure you are using the __-s__ flag, that will add a Signed-off comment in the patch description.
@@ -31,19 +33,27 @@ Expanding a bit the example feature message we could use the following command:
 
 > $ git commit -a -s
 >
-> HTTP: add new XYZ method
+> server: http: add new xyz method
 >
-> This patch adds the missing XYZ method described in RCF2616 in the
+> This patch adds the missing XYZ method described in RFC2616 in the
 > section 12.4.x.a, it do not alter the core behavior but if the new
 > method is requested it will take care of the proper handling.
 >
-> the patch have been tested using tools A & B.
+> The patch has been tested using tools A & B.
 >
 > Signed-off-by: Your Name <your@email.com>
 
+Some recent examples from this repository are:
+
+ - `server: clean thread destroy on worker loop exit`
+ - `server: http: move initialization of request headers to request init`
+ - `server: parser: remove unnecessary index updater`
+ - `build: bump to v1.8.7`
+ - `core: event: Plug descriptor leaks in an error case.`
+
 If you want to see a real example, run the following command:
 
-> $ git log 4efbc11bafeb56fbe2b4f0f6925671630ce84125
+> $ git log --oneline --no-merges -20
 
 Your path/patches should be fully documented, that will make the review process faster for us, and a faster merge for you.
 

lib/monkey/include/monkey/mk_http_parser.h

@@ -389,7 +389,11 @@ int mk_http_parser_chunked_decode_buf(struct mk_http_parser *p,
 
 static inline int mk_http_parser_more(struct mk_http_parser *p, int len)
 {
-    if (abs(len - p->i) - 1 > 0) {
+    if (len <= 0 || p->i < 0) {
+        return MK_FALSE;
+    }
+
+    if ((p->i + 1) < len) {
         return MK_TRUE;
     }
 

lib/monkey/mk_core/mk_memory.c

@@ -52,6 +52,16 @@ char *mk_ptr_to_buf(mk_ptr_t p)
 {
     char *buf;
 
+    if (!p.data || p.len == 0) {
+        buf = mk_mem_alloc(1);
+        if (!buf) {
+            return NULL;
+        }
+
+        buf[0] = '\0';
+        return buf;
+    }
+
     buf = mk_mem_alloc(p.len + 1);
     if (!buf) return NULL;
 

lib/monkey/mk_server/mk_http.c

@@ -457,6 +457,10 @@ static int mk_http_range_parse(struct mk_http_request *sr)
     if ((sep_pos = mk_string_char_search(sr->range.data, '-', sr->range.len)) < 0)
         return -1;
 
+    if (sep_pos < eq_pos) {
+        return -1;
+    }
+
     len = sr->range.len;
     sh = &sr->headers;
 
@@ -476,10 +480,16 @@ static int mk_http_range_parse(struct mk_http_request *sr)
     /* =yyy-xxx */
     if ((eq_pos + 1 != sep_pos) && (len > sep_pos + 1)) {
         buffer = mk_string_copy_substr(sr->range.data, eq_pos + 1, sep_pos);
+        if (!buffer) {
+            return -1;
+        }
         sh->ranges[0] = (unsigned long) atol(buffer);
         mk_mem_free(buffer);
 
         buffer = mk_string_copy_substr(sr->range.data, sep_pos + 1, len);
+        if (!buffer) {
+            return -1;
+        }
         sh->ranges[1] = (unsigned long) atol(buffer);
         mk_mem_free(buffer);
 
@@ -493,6 +503,9 @@ static int mk_http_range_parse(struct mk_http_request *sr)
     /* =yyy- */
     if ((eq_pos + 1 != sep_pos) && (len == sep_pos + 1)) {
         buffer = mk_string_copy_substr(sr->range.data, eq_pos + 1, len);
+        if (!buffer) {
+            return -1;
+        }
         sr->headers.ranges[0] = (unsigned long) atol(buffer);
         mk_mem_free(buffer);
 
@@ -522,7 +535,16 @@ static int mk_http_directory_redirect_check(struct mk_http_session *cs,
         return 0;
     }
 
+    if (!sr->host.data || sr->host.len <= 0) {
+        mk_http_error(MK_CLIENT_BAD_REQUEST, cs, sr, server);
+        return -1;
+    }
+
     host = mk_ptr_to_buf(sr->host);
+    if (!host) {
+        mk_http_error(MK_CLIENT_BAD_REQUEST, cs, sr, server);
+        return -1;
+    }
 
     /*
      * Add ending slash to the location string
@@ -588,6 +610,9 @@ static inline char *mk_http_index_lookup(mk_ptr_t *path_base,
     }
 
     off = path_base->len;
+    if ((size_t) off >= buf_size) {
+        return NULL;
+    }
     memcpy(buf, path_base->data, off);
 
     mk_list_foreach(head, server->index_files) {
@@ -1138,15 +1163,27 @@ int mk_http_request_end(struct mk_http_session *cs, struct mk_server *server)
     ret = mk_http_parser_more(&cs->parser, cs->body_length);
     if (ret == MK_TRUE) {
         /* Our pipeline request limit is the same that our keepalive limit */
+        if (cs->parser.i < 0 ||
+            (unsigned int) (cs->parser.i + 1) >= cs->body_length) {
+            goto shutdown;
+        }
+
         cs->counter_connections++;
         len = (cs->body_length - cs->parser.i) -1;
+        if (len <= 0) {
+            goto shutdown;
+        }
         memmove(cs->body,
                 cs->body + cs->parser.i + 1,
                 len);
         cs->body_length = len;
 
         /* Prepare for next one */
-        sr = mk_list_entry_first(&cs->request_list, struct mk_http_request, _head);
+        if (mk_list_is_empty(&cs->request_list) == 0) {
+            cs->close_now = MK_TRUE;
+            goto shutdown;
+        }
+        sr = &cs->sr_fixed;
         mk_http_request_free(sr, server);
         mk_http_request_init(cs, sr, server);
         mk_http_parser_init(&cs->parser);
@@ -1626,9 +1663,10 @@ int mk_http_sched_done(struct mk_sched_conn *conn,
     struct mk_http_request *sr;
 
     session = mk_http_session_get(conn);
-    sr = mk_list_entry_first(&session->request_list,
-                             struct mk_http_request, _head);
-    mk_plugin_stage_run_40(session, sr, server);
+    if (mk_list_is_empty(&session->request_list) != 0) {
+        sr = &session->sr_fixed;
+        mk_plugin_stage_run_40(session, sr, server);
+    }
 
     return mk_http_request_end(session, server);
 }