uhttpd: Fix multiple format string problems
authorHauke Mehrtens <hauke@hauke-m.de>
Sun, 16 Jun 2019 20:24:36 +0000 (22:24 +0200)
committerHauke Mehrtens <hauke@hauke-m.de>
Sun, 16 Jun 2019 20:41:26 +0000 (22:41 +0200)
After format string checks were activated in libubox the compiler
started to complain about multiple missuses in uhttpd. This fixes the
format strings without changing the behavior.

blobmsg_get_string() just checks if the parameter is not NULL and then
calls blobmsg_data() and casts the result.

I think non of these problem is security relevant.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
proc.c
ubus.c
utils.c

diff --git a/proc.c b/proc.c
index 88ec31ea8caedff8b1cff5a85cdad2bfbe56f6bb..1d63d869135f7520d6485e0bff769652ad06d638 100644 (file)
--- a/proc.c
+++ b/proc.c
@@ -232,7 +232,8 @@ static void proc_handle_header_end(struct relay *r)
        uloop_timeout_cancel(&p->timeout);
        uh_http_header(cl, cl->dispatch.proc.status_code, cl->dispatch.proc.status_msg);
        blob_for_each_attr(cur, cl->dispatch.proc.hdr.head, rem)
-               ustream_printf(cl->us, "%s: %s\r\n", blobmsg_name(cur), blobmsg_data(cur));
+               ustream_printf(cl->us, "%s: %s\r\n", blobmsg_name(cur),
+                              blobmsg_get_string(cur));
 
        ustream_printf(cl->us, "\r\n");
 
diff --git a/ubus.c b/ubus.c
index f7d1f11a15037839ff1c46656ad11a37985cb623..8cfbd97968351edb75bb9c86815606059d8e8113 100644 (file)
--- a/ubus.c
+++ b/ubus.c
@@ -144,11 +144,11 @@ static void uh_ubus_add_cors_headers(struct client *cl)
        }
 
        ustream_printf(cl->us, "Access-Control-Allow-Origin: %s\r\n",
-                      blobmsg_data(tb[HDR_ORIGIN]));
+                      blobmsg_get_string(tb[HDR_ORIGIN]));
 
        if (tb[HDR_ACCESS_CONTROL_REQUEST_HEADERS])
                ustream_printf(cl->us, "Access-Control-Allow-Headers: %s\r\n",
-                              blobmsg_data(tb[HDR_ACCESS_CONTROL_REQUEST_HEADERS]));
+                              blobmsg_get_string(tb[HDR_ACCESS_CONTROL_REQUEST_HEADERS]));
 
        ustream_printf(cl->us, "Access-Control-Allow-Methods: POST, OPTIONS\r\n");
        ustream_printf(cl->us, "Access-Control-Allow-Credentials: true\r\n");
diff --git a/utils.c b/utils.c
index d990d7dfd2bee38ac13db87ddffb452a14836e0f..142a410ff6915b69d3a3a0ef0ebb9d8746e2c4b8 100644 (file)
--- a/utils.c
+++ b/utils.c
@@ -47,7 +47,7 @@ void uh_chunk_write(struct client *cl, const void *data, int len)
                ustream_printf(cl->us, "%X\r\n", len);
        ustream_write(cl->us, data, len, true);
        if (chunked)
-               ustream_printf(cl->us, "\r\n", len);
+               ustream_printf(cl->us, "\r\n");
 }
 
 void uh_chunk_vprintf(struct client *cl, const char *format, va_list arg)
@@ -74,7 +74,7 @@ void uh_chunk_vprintf(struct client *cl, const char *format, va_list arg)
                ustream_write(cl->us, buf, len, true);
        else
                ustream_vprintf(cl->us, format, arg);
-       ustream_printf(cl->us, "\r\n", len);
+       ustream_printf(cl->us, "\r\n");
 }
 
 void uh_chunk_printf(struct client *cl, const char *format, ...)