From 9b2d6274ff10053cf7a0e7ec7eee69af4eecffee Mon Sep 17 00:00:00 2001
From: Bob Farrell
Date: Fri, 27 Sep 2024 18:27:22 +0100
Subject: [PATCH] Update http.zig Resolves overflow vuln.
---
 build.zig.zon | 4 ++--
 src/jetzig/http/Headers.zig | 16 ++++++++--------
 src/jetzig/http/MultipartQuery.zig | 2 +-
 src/jetzig/http/Request.zig | 2 +-
 src/jetzig/testing/App.zig | 14 +++++++++-----
 5 files changed, 21 insertions(+), 17 deletions(-)
diff --git a/build.zig.zon b/build.zig.zon
index 387f8a5..208fc56 100644
--- a/build.zig.zon
+++ b/build.zig.zon
@@ -23,8 +23,8 @@
 .hash = "1220cebfcf6c63295819df92ec54abe62aad91b1d16666781194c29a7874bb7bbbda",
 },
 .httpz = .{
- .url = "https://github.com/karlseguin/http.zig/archive/30195d6e668d1cb97630bab282d4ac7f147af607.tar.gz",
- .hash = "12204f7c5a6b8a6988ab7cbccaf3c1c6199fbf423741412a607be8bde835fb4b8cc8",
+ .url = "https://github.com/karlseguin/http.zig/archive/da9e944de0be6e5c67ca711dd238ce82d81558b4.tar.gz",
+ .hash = "12201df692f62d526fdf94e6000cf8de2142edf27484887e2e8f1ec5db4c9b808e5c",
 },
 },
diff --git a/src/jetzig/http/Headers.zig b/src/jetzig/http/Headers.zig
index 89d3671..d34e4fa 100644
--- a/src/jetzig/http/Headers.zig
+++ b/src/jetzig/http/Headers.zig
@@ -5,14 +5,14 @@ const httpz = @import("httpz");
 const jetzig = @import("../../jetzig.zig");
 allocator: std.mem.Allocator,
-httpz_headers: *httpz.key_value.KeyValue,
+httpz_headers: *httpz.key_value.StringKeyValue,
 new_headers: std.ArrayList(Header),
 const Headers = @This();
 const Header = struct { name: []const u8, value: []const u8 };
 const max_bytes_header_name = jetzig.config.get(u8, "max_bytes_header_name");
-pub fn init(allocator: std.mem.Allocator, httpz_headers: *httpz.key_value.KeyValue) Headers {
+pub fn init(allocator: std.mem.Allocator, httpz_headers: *httpz.key_value.StringKeyValue) Headers {
 return .{
 .allocator = allocator,
 .httpz_headers = httpz_headers,
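Review bot: `httpz_headers` in src/jetzig/http/Headers.zig, and `key_value` in src/jetzig/http/MultipartQuery.zig (which this commit turns into a pointer), now hold pointers to storage that the httpz dependency provides, and neither field documents who owns the pointee. The call site in src/jetzig/http/Request.zig passes `httpz_request.headers` through unchanged, so the pointer is presumably only valid while httpz keeps the request alive. A doc comment on each field, for example `/// Borrowed from the httpz request; not owned, must not outlive it.`, would make the lifetime rule explicit. Whether `deinit` touches the pointee is not visible in these hunks and is worth confirming. `init` continues past the end of this hunk.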
@@ -121,7 +121,7 @@ pub fn iterator(self: Headers) Iterator {
 test "append (deprecated)" {
 const allocator = std.testing.allocator;
- var httpz_headers = try httpz.key_value.KeyValue.init(allocator, 10);
+ var httpz_headers = try httpz.key_value.StringKeyValue.init(allocator, 10);
 var headers = Headers.init(allocator, &httpz_headers);
 defer headers.deinit();
 try headers.append("foo", "bar");
@@ -130,7 +130,7 @@ test "append (deprecated)" {
 test "add" {
 const allocator = std.testing.allocator;
- var httpz_headers = try httpz.key_value.KeyValue.init(allocator, 10);
+ var httpz_headers = try httpz.key_value.StringKeyValue.init(allocator, 10);
 var headers = Headers.init(allocator, &httpz_headers);
 defer headers.deinit();
 try headers.append("foo", "bar");
@@ -139,7 +139,7 @@ test "add" {
 test "get with multiple headers (bugfix regression test)" {
 const allocator = std.testing.allocator;
- var httpz_headers = try httpz.key_value.KeyValue.init(allocator, 10);
+ var httpz_headers = try httpz.key_value.StringKeyValue.init(allocator, 10);
 var headers = Headers.init(allocator, &httpz_headers);
 defer headers.deinit();
 try headers.append("foo", "bar");
@@ -149,7 +149,7 @@ test "get with multiple headers (bugfix regression test)" {
 test "getAll" {
 const allocator = std.testing.allocator;
- var httpz_headers = try httpz.key_value.KeyValue.init(allocator, 10);
+ var httpz_headers = try httpz.key_value.StringKeyValue.init(allocator, 10);
 var headers = Headers.init(allocator, &httpz_headers);
 defer headers.deinit();
 try headers.append("foo", "bar");
@@ -162,7 +162,7 @@ test "getAll" {
 test "add too many headers" {
 const allocator = std.testing.allocator;
- var httpz_headers = try httpz.key_value.KeyValue.init(allocator, 10);
+ var httpz_headers = try httpz.key_value.StringKeyValue.init(allocator, 10);
 var headers = Headers.init(allocator, &httpz_headers);
 defer headers.deinit();
 for (0..10) |_| try headers.append("foo", "bar");
@@ -172,7 +172,7 @@ test "add too many headers" {
 test "case-insensitive matching" {
 const allocator = std.testing.allocator;
- var httpz_headers = try httpz.key_value.KeyValue.init(allocator, 10);
+ var httpz_headers = try httpz.key_value.StringKeyValue.init(allocator, 10);
 var headers = Headers.init(allocator, &httpz_headers);
 defer headers.deinit();
 try headers.append("Content-Type", "bar");
diff --git a/src/jetzig/http/MultipartQuery.zig b/src/jetzig/http/MultipartQuery.zig
index a780069..9cb59de 100644
--- a/src/jetzig/http/MultipartQuery.zig
+++ b/src/jetzig/http/MultipartQuery.zig
@@ -5,7 +5,7 @@ const httpz = @import("httpz");
 const jetzig = @import("../../jetzig.zig");
 allocator: std.mem.Allocator,
-key_value: httpz.key_value.MultiFormKeyValue,
+key_value: *httpz.key_value.MultiFormKeyValue,
 const MultipartQuery = @This();
diff --git a/src/jetzig/http/Request.zig b/src/jetzig/http/Request.zig
index 70a56ee..6ee9c21 100644
--- a/src/jetzig/http/Request.zig
+++ b/src/jetzig/http/Request.zig
@@ -121,7 +121,7 @@ pub fn init(
 .allocator = allocator,
 .path = jetzig.http.Path.init(httpz_request.url.raw),
 .method = method,
- .headers = jetzig.http.Headers.init(allocator, &httpz_request.headers),
+ .headers = jetzig.http.Headers.init(allocator, httpz_request.headers),
 .server = server,
 .response = response,
 .response_data = response_data,
diff --git a/src/jetzig/testing/App.zig b/src/jetzig/testing/App.zig
index a369616..e329c30 100644
--- a/src/jetzig/testing/App.zig
+++ b/src/jetzig/testing/App.zig
@@ -264,7 +264,7 @@ fn stubbedResponse(allocator: std.mem.Allocator) !httpz.Response {
 .conn = undefined,
 .pos = 0,
 .status = 200,
- .headers = try keyValue(allocator, 32),
+ .headers = (try keyValue(allocator, 32)).*,
 .content_type = null,
 .arena = allocator,
 .written = false,
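Review bot: In `stubbedResponse` in src/jetzig/testing/App.zig, `.headers = (try keyValue(allocator, 32)).*,` copies the struct out of the heap object that `keyValue` now creates and then drops the only pointer to it, so that object can never be handed to `allocator.destroy`. The by-value field does not need the indirection: `.headers = try httpz.key_value.StringKeyValue.init(allocator, 32),` initialises it directly, as the old helper did. The `.arena = allocator` line in the same literal suggests the allocator may be an arena, in which case the loss is bounded by the arena's lifetime, but that is not visible here. `stubbedResponse` starts before this hunk and ends after it.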
@@ -275,12 +275,16 @@ fn stubbedResponse(allocator: std.mem.Allocator) !httpz.Response {
 };
 }
-fn keyValue(allocator: std.mem.Allocator, max: usize) !httpz.key_value.KeyValue {
- return try httpz.key_value.KeyValue.init(allocator, max);
+fn keyValue(allocator: std.mem.Allocator, max: usize) !*httpz.key_value.StringKeyValue {
+ const key_value = try allocator.create(httpz.key_value.StringKeyValue);
+ key_value.* = try httpz.key_value.StringKeyValue.init(allocator, max);
+ return key_value;
 }
-fn multiFormKeyValue(allocator: std.mem.Allocator, max: usize) !httpz.key_value.MultiFormKeyValue {
- return try httpz.key_value.MultiFormKeyValue.init(allocator, max);
+fn multiFormKeyValue(allocator: std.mem.Allocator, max: usize) !*httpz.key_value.MultiFormKeyValue {
+ const key_value = try allocator.create(httpz.key_value.MultiFormKeyValue);
+ key_value.* = try httpz.key_value.MultiFormKeyValue.init(allocator, max);
+ return key_value;
 }
 fn createStore(allocator: std.mem.Allocator) !*jetzig.kv.Store {
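Review bot: In both `keyValue` and `multiFormKeyValue` the object returned by `allocator.create` is leaked when the following `init` call returns an error, because nothing releases it on that path. Adding `errdefer allocator.destroy(key_value);` directly after each `allocator.create` line closes it. Both helpers now return an owning pointer, so a one-line doc comment such as `/// Caller owns the returned pointer.` would also help callers that only copy the pointee. The hunk begins inside `stubbedResponse` and ends on the signature of `createStore`, whose body is outside it.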