From 91fcac34ac014a565fdd6312de088d312b5ba7ec Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Sun, 16 Jun 2019 22:24:36 +0200 Subject: [PATCH] uhttpd: Fix multiple format string problems After format string checks were activated in libubox the compiler started to complain about multiple missuses in uhttpd. This fixes the format strings without changing the behavior. blobmsg_get_string() just checks if the parameter is not NULL and then calls blobmsg_data() and casts the result. I think non of these problem is security relevant. Signed-off-by: Hauke Mehrtens --- proc.c | 3 ++- ubus.c | 4 ++-- utils.c | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/proc.c b/proc.c index 88ec31e..1d63d86 100644 --- a/proc.c +++ b/proc.c @@ -232,7 +232,8 @@ static void proc_handle_header_end(struct relay *r) uloop_timeout_cancel(&p->timeout); uh_http_header(cl, cl->dispatch.proc.status_code, cl->dispatch.proc.status_msg); blob_for_each_attr(cur, cl->dispatch.proc.hdr.head, rem) - ustream_printf(cl->us, "%s: %s\r\n", blobmsg_name(cur), blobmsg_data(cur)); + ustream_printf(cl->us, "%s: %s\r\n", blobmsg_name(cur), + blobmsg_get_string(cur)); ustream_printf(cl->us, "\r\n"); diff --git a/ubus.c b/ubus.c index f7d1f11..8cfbd97 100644 --- a/ubus.c +++ b/ubus.c @@ -144,11 +144,11 @@ static void uh_ubus_add_cors_headers(struct client *cl) } ustream_printf(cl->us, "Access-Control-Allow-Origin: %s\r\n", - blobmsg_data(tb[HDR_ORIGIN])); + blobmsg_get_string(tb[HDR_ORIGIN])); if (tb[HDR_ACCESS_CONTROL_REQUEST_HEADERS]) ustream_printf(cl->us, "Access-Control-Allow-Headers: %s\r\n", - blobmsg_data(tb[HDR_ACCESS_CONTROL_REQUEST_HEADERS])); + blobmsg_get_string(tb[HDR_ACCESS_CONTROL_REQUEST_HEADERS])); ustream_printf(cl->us, "Access-Control-Allow-Methods: POST, OPTIONS\r\n"); ustream_printf(cl->us, "Access-Control-Allow-Credentials: true\r\n"); diff --git a/utils.c b/utils.c index d990d7d..142a410 100644 --- a/utils.c +++ b/utils.c @@ -47,7 +47,7 @@ void uh_chunk_write(struct client *cl, const void *data, int len) ustream_printf(cl->us, "%X\r\n", len); ustream_write(cl->us, data, len, true); if (chunked) - ustream_printf(cl->us, "\r\n", len); + ustream_printf(cl->us, "\r\n"); } void uh_chunk_vprintf(struct client *cl, const char *format, va_list arg) @@ -74,7 +74,7 @@ void uh_chunk_vprintf(struct client *cl, const char *format, va_list arg) ustream_write(cl->us, buf, len, true); else ustream_vprintf(cl->us, format, arg); - ustream_printf(cl->us, "\r\n", len); + ustream_printf(cl->us, "\r\n"); } void uh_chunk_printf(struct client *cl, const char *format, ...) -- 2.25.1