[PATCH] cpukit/mghttpd/mongoose: Fix format truncation warning
Chris Johns
chrisj at rtems.org
Wed Sep 16 03:59:14 UTC 2020
On 15/9/20 7:06 pm, Aschref Ben-Thabet wrote:
> From: Aschref Ben Thabet <aschref.ben-thabet at embedded-brains.de>
>
> Taking care of the size of buffer to be copied and replace the unsafe
> snprintf() with memcpy().
> The reason why we get a warning on sprintf() is because memcpy() has a
> length parameter that limits how much memory you copy.
> For memcpy(), the input has to be terminated with a \0. If not, it will
> continue out of bounds.
> ---
> cpukit/mghttpd/mongoose.c | 24 ++++++++++++++++++------
> 1 file changed, 18 insertions(+), 6 deletions(-)
>
> diff --git a/cpukit/mghttpd/mongoose.c b/cpukit/mghttpd/mongoose.c
> index fb2bce7471..6db0bdb58e 100644
> --- a/cpukit/mghttpd/mongoose.c
> +++ b/cpukit/mghttpd/mongoose.c
> @@ -251,7 +251,7 @@ typedef struct DIR {
> #define INT64_FMT PRId64
> typedef int SOCKET;
> #define WINCDECL
> -
> +#define MIN(a, b)((a) < (b) ? (a) : (b))
> #endif // End of Windows and UNIX specific includes
>
> #ifndef HAVE_POLL
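Review bot: The new MIN macro has no `#ifndef MIN` guard and is placed inside the conditional block closed by `#endif // End of Windows and UNIX specific includes`, so it can collide with a MIN already supplied by a system header and is only defined for the branch that also defines `SOCKET` and `WINCDECL`. Wrap it in `#ifndef MIN` / `#endif`, move it below that `#endif` so every configuration sees it, put a space between `MIN(a, b)` and the replacement text, and keep the blank line this hunk deletes.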
> @@ -1916,12 +1916,24 @@ static void convert_uri_to_file_name(struct mg_connection *conn, char *buf,
> // we can only do this if the browser declares support
> if ((accept_encoding = mg_get_header(conn, "Accept-Encoding")) != NULL) {
> if (strstr(accept_encoding,"gzip") != NULL) {
> - snprintf(gz_path, sizeof(gz_path), "%s.gz", buf);
> - if (mg_stat(conn, gz_path, filep)) {
> - filep->gzipped = 1;
> - return;
> + memcpy(gz_path, buf, MIN(strlen(buf) + 1, sizeof(gz_path)));
> + if (strlen(buf) > sizeof(gz_path) - 1)
> + strlcpy(gz_path + strlen(gz_path), ".gz", sizeof(gz_path) - strlen(gz_path));
> + /* else //to be reviewed /
Huh?
> + {
> + //memory allocation for gz.path with buf_size + .gz
We use C comments.
> + mount_path = malloc(strlen(buf) + 1 + sizeof(gz_path);
> + if (mount_path != NULL))
> + strlcpy(mount_path, ".gz", sizeof(mount_path));
> + }
> + snprintf(gz_path, sizeof(gz_path), "%s.gz", buf*)
> +*/
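Review bot: The test `if (strlen(buf) > sizeof(gz_path) - 1)` is inverted: ".gz" is appended only when buf did not fit, and in exactly that case the memcpy() above has copied sizeof(gz_path) bytes with no terminating NUL, so `strlen(gz_path)` reads past the end of the array and the size handed to strlcpy() is derived from an unterminated buffer. When buf does fit, nothing is appended at all. In the lines quoted here the `mg_stat(conn, gz_path, filep)` check is also removed without a replacement, and the commented-out block would not compile if enabled (unbalanced parentheses, `sizeof(mount_path)` taken on a pointer, `buf*`). Suggest keeping the snprintf() call, comparing its return value against sizeof(gz_path), skipping the gzip lookup when the name would be truncated, and dropping the commented-out block.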
Sorry I am not reviewing these changes any more.
Chris