kore

An easy to use, scalable and secure web application framework for writing web APIs in C.
Commits | Files | Refs | README | LICENSE | git clone https://git.kore.io/kore.git

commit 0cb983adc0b284be00adb62a852deda9d1b051aa
parent 27ec8a1d58282543c4da6ce2c68eb62e0bebde88
Author: Joris Vink <joris@coders.se>
Date:   Wed, 23 Apr 2014 16:29:58 +0200

Correct snprintf() usage

Diffstat:
src/http.c | 18++++++++++++------
src/utils.c | 6+++---
src/worker.c | 2+-
3 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/src/http.c b/src/http.c @@ -675,7 +675,7 @@ http_file_lookup(struct http_request *req, char *name, char **fname, int http_populate_multipart_form(struct http_request *req, int *v) { - int h, i, c; + int h, i, c, l; u_int32_t blen, slen, len; u_int8_t *s, *end, *e, *end_headers, *data; char *d, *val, *type, *boundary, *fname; @@ -708,9 +708,14 @@ http_populate_multipart_form(struct http_request *req, int *v) val++; slen = strlen(val); boundary = kore_malloc(slen + 3); - snprintf(boundary, slen + 3, "--%s", val); - slen = strlen(boundary); + l = snprintf(boundary, slen + 3, "--%s", val); + if (l == -1 || (size_t)l >= sizeof(boundary)) { + kore_mem_free(boundary); + kore_mem_free(type); + return (KORE_RESULT_ERROR); + } + slen = l; kore_mem_free(type); req->multipart_body = http_post_data_bytes(req, &blen); @@ -962,13 +967,14 @@ http_response_spdy(struct http_request *req, struct connection *c, struct spdy_header_block *hblock; char sbuf[512]; - snprintf(sbuf, sizeof(sbuf), "%d %s", status, http_status_text(status)); + (void)snprintf(sbuf, sizeof(sbuf), "%d %s", + status, http_status_text(status)); hblock = spdy_header_block_create(SPDY_HBLOCK_NORMAL); spdy_header_block_add(hblock, ":status", sbuf); spdy_header_block_add(hblock, ":version", "HTTP/1.1"); - snprintf(sbuf, sizeof(sbuf), "%s (%d.%d-%s)", + (void)snprintf(sbuf, sizeof(sbuf), "%s (%d.%d-%s)", KORE_NAME_STRING, KORE_VERSION_MAJOR, KORE_VERSION_MINOR, KORE_VERSION_STATE); spdy_header_block_add(hblock, ":server", sbuf); @@ -977,7 +983,7 @@ http_response_spdy(struct http_request *req, struct connection *c, spdy_header_block_add(hblock, ":allow", "get, post"); if (http_hsts_enable) { - snprintf(sbuf, sizeof(sbuf), + (void)snprintf(sbuf, sizeof(sbuf), "max-age=%" PRIu64, http_hsts_enable); spdy_header_block_add(hblock, ":strict-transport-security", sbuf); diff --git a/src/utils.c b/src/utils.c @@ -44,7 +44,7 @@ kore_debug_internal(char *file, int line, const char *fmt, ...) char buf[2048]; va_start(args, fmt); - vsnprintf(buf, sizeof(buf), fmt, args); + (void)vsnprintf(buf, sizeof(buf), fmt, args); va_end(args); printf("[%d] %s:%d - %s\n", kore_pid, file, line, buf); @@ -63,7 +63,7 @@ kore_log(int prio, const char *fmt, ...) char buf[2048]; va_start(args, fmt); - vsnprintf(buf, sizeof(buf), fmt, args); + (void)vsnprintf(buf, sizeof(buf), fmt, args); va_end(args); if (worker != NULL) @@ -424,7 +424,7 @@ fatal(const char *fmt, ...) char buf[2048]; va_start(args, fmt); - vsnprintf(buf, sizeof(buf), fmt, args); + (void)vsnprintf(buf, sizeof(buf), fmt, args); va_end(args); kore_log(LOG_ERR, "%s", buf); diff --git a/src/worker.c b/src/worker.c @@ -202,7 +202,7 @@ kore_worker_entry(struct kore_worker *kw) fatal("unable to drop privileges"); } - snprintf(buf, sizeof(buf), "kore [wrk %d]", kw->id); + (void)snprintf(buf, sizeof(buf), "kore [wrk %d]", kw->id); kore_platform_proctitle(buf); kore_platform_worker_setcpu(kw);