From 912cdfce47217c277649424f6d00f9688530a10d Mon Sep 17 00:00:00 2001
From: basicallygit <91993321+basicallygit@users.noreply.github.com>
Date: Mon, 22 Dec 2025 19:32:50 +0000
Subject: Null net pointers on free

---
 src/net/lua.c  |  2 ++
 src/net/util.c | 12 +++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/net/lua.c b/src/net/lua.c
index 2e46943..d9f25de 100644
--- a/src/net/lua.c
+++ b/src/net/lua.c
@@ -187,6 +187,7 @@ int l_roll(lua_State* L){
   luaI_tsetv(L, 1, "files", files_idx);
 
   free(buffer);
+  buffer=NULL;
   lua_pushinteger(L, r);
   return 1;
 }
@@ -269,6 +270,7 @@ int l_sendfile(lua_State* L){
   }
 
   free(buffer);
+  buffer=NULL;
   fclose(fp);
 
   return 0;
diff --git a/src/net/util.c b/src/net/util.c
index 3b820c9..b63d33f 100644
--- a/src/net/util.c
+++ b/src/net/util.c
@@ -188,6 +188,7 @@ void http_build(str** _dest, int code, const char* code_det, char* header_vs, ch
   str_pushl(*_dest, content, len);
 
   free(dest);
+  dest=NULL;
 }
 
 /**
@@ -356,6 +357,7 @@ int match_param(char* path, char* match, parray_t* arr){
           memcpy(out, match + start, mi - start);
           parray_set(arr, name, out);
           free(name);
+          name=NULL;
         } else {
           mi++;
         }
@@ -368,6 +370,7 @@ int match_param(char* path, char* match, parray_t* arr){
     memcpy(out, match + start, mi - start);
     parray_set(arr, name, out);
     free(name);
+    name=NULL;
   }
 
   if(path[pi] != 0) for(; path[pi] == '*'; pi++);
@@ -450,6 +453,8 @@ void parse_mimetypes(){
     }
     free(mtype);
     free(type);
+    mtype=NULL;
+    type=NULL;
   }
 
   fclose(fp);
@@ -481,6 +486,7 @@ void _parse_mimetypes(){
     //check if the type has an associated file type
     if(buffer[i + type_len] == '\0' || buffer[i + type_len] == '\n'){
       free(type);
+      type=NULL;
       continue;
     }
     type = realloc(type, (type_len + 1) * sizeof * type);
@@ -511,9 +517,13 @@ void _parse_mimetypes(){
       }
     }
     free(file_type);
+    file_type=NULL;
 
     //printf("e: '%s'\n", type);
-    if(!used)free(type);
+    if(!used){
+      free(type);
+      type=NULL;
+    }
   }
   //printf("done\n");
 
-- 
cgit v1.2.3


From 1c6bbd9c688d51bc8883eea05319d50a592204d3 Mon Sep 17 00:00:00 2001
From: basicallygit <91993321+basicallygit@users.noreply.github.com>
Date: Tue, 23 Dec 2025 16:28:13 +0000
Subject: Add make hardened with hardened compiler flags

---
 makefile | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/makefile b/makefile
index 2dcdf4c..9988d03 100644
--- a/makefile
+++ b/makefile
@@ -12,6 +12,8 @@ endif
 
 CFLAGS := -D_GNU_SOURCE -Wall -fPIC -DGIT_COMMIT='$(GIT_COMMIT)' -DMAJOR_VERSION='$(MAJOR_VERSION)' `pkg-config --cflags lua$(version)`
 LFLAGS := -lm -shared -lcrypto -lssl
+HARDENING_CFLAGS := -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fstack-clash-protection
+HARDENING_LFLAGS := -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack
 LINKER := $(CC)
 
 TARGET := lullaby.so
@@ -34,6 +36,13 @@ all: $(TARGET)
 release: CFLAGS += -O3
 release: all
 
+hardened: CFLAGS += -O2
+ifneq ($(OS),Windows_NT)
+hardened: CFLAGS += $(HARDENING_CFLAGS)
+hardened: LFLAGS += $(HARDENING_LFLAGS)
+endif
+hardened: all
+
 .PHONY: install
 install::
 	mkdir $(INSTALL)$(install_version) -p
-- 
cgit v1.2.3