author | 2015-07-31 00:10:51 +0000 | |
---|---|---|
committer | 2015-07-31 00:10:51 +0000 | |
commit | 3323ac76870547a70e42477786ceeb8c4e70118b (patch) | |
tree | 53c2de70ac5f943bdd076e989a478e80d1ec3e3d | |
parent | fix pty permissions; patch from Nikolay Edigaryev; ok deraadt (diff) | |
repair hsts header output, wrong format strings caused broken
Strict-Transport-Security headers. Add __format__ attribute to
kv_set() and kv_setkey() to make it easier to spot such problems.
Found by and fix from Donovan Watteau <tsoomi -AT- gmail -DOT- com>,
thanks for your help.
ok deraadt@
-rw-r--r-- | usr.sbin/httpd/httpd.h | 6 | ||||
-rw-r--r-- | usr.sbin/httpd/server_fcgi.c | 6 | ||||
-rw-r--r-- | usr.sbin/httpd/server_http.c | 6 |
3 files changed, 9 insertions, 9 deletions
diff --git a/usr.sbin/httpd/httpd.h b/usr.sbin/httpd/httpd.h index 4060f3956e5..aafc4f49883 100644 --- a/usr.sbin/httpd/httpd.h +++ b/usr.sbin/httpd/httpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: httpd.h,v 1.94 2015/07/29 22:03:41 reyk Exp $ */ +/* $OpenBSD: httpd.h,v 1.95 2015/07/31 00:10:51 benno Exp $ */ /* * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> @@ -635,8 +635,8 @@ u_int32_t prefixlen2mask(u_int8_t); int accept_reserve(int, struct sockaddr *, socklen_t *, int, volatile int *); struct kv *kv_add(struct kvtree *, char *, char *); -int kv_set(struct kv *, char *, ...); -int kv_setkey(struct kv *, char *, ...); +int kv_set(struct kv *, char *, ...) __attribute__((__format__ (printf, 2, 3))); +int kv_setkey(struct kv *, char *, ...) __attribute__((__format__ (printf, 2, 3))); void kv_delete(struct kvtree *, struct kv *); struct kv *kv_extend(struct kvtree *, struct kv *, char *); void kv_purge(struct kvtree *); diff --git a/usr.sbin/httpd/server_fcgi.c b/usr.sbin/httpd/server_fcgi.c index 68e98e506eb..c43b64f67e3 100644 --- a/usr.sbin/httpd/server_fcgi.c +++ b/usr.sbin/httpd/server_fcgi.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server_fcgi.c,v 1.61 2015/07/29 22:03:41 reyk Exp $ */ +/* $OpenBSD: server_fcgi.c,v 1.62 2015/07/31 00:10:51 benno Exp $ */ /* * Copyright (c) 2014 Florian Obser <florian@openbsd.org> @@ -603,7 +603,7 @@ server_fcgi_header(struct client *clt, u_int code) return (-1); /* Add error codes */ - if (kv_setkey(&resp->http_pathquery, "%lu", code) == -1 || + if (kv_setkey(&resp->http_pathquery, "%u", code) == -1 || kv_set(&resp->http_pathquery, "%s", error) == -1) return (-1); 
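Review bot: In the httpd.h hunk at line 635, the two newly annotated prototypes still declare the format parameter as `char *`, although every caller visible in this commit passes a string literal. Declaring it `const char *`, as in `int kv_set(struct kv *, const char *, ...) __attribute__((__format__ (printf, 2, 3)));` and likewise for `kv_setkey()`, states that the format is never written through and keeps literal formats clean under `-Wwrite-strings`. The definitions are not part of this diff and would need the same change. A one-line comment above the pair, such as `/* printf-like: format is argument 2, checked by the compiler */`, would also tell the next reader why the attribute is there.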
@@ -640,7 +640,7 @@ server_fcgi_header(struct client *clt, u_int code) if ((cl = kv_add(&resp->http_headers, "Strict-Transport-Security", NULL)) == NULL || - kv_set(cl, "max-age=%d%s%s%s", srv_conf->hsts_max_age, + kv_set(cl, "max-age=%d%s%s", srv_conf->hsts_max_age, srv_conf->hsts_flags & HSTSFLAG_SUBDOMAINS ? "; includeSubDomains" : "", srv_conf->hsts_flags & HSTSFLAG_PRELOAD ? diff --git a/usr.sbin/httpd/server_http.c b/usr.sbin/httpd/server_http.c index 75e379ab49e..bb29358b597 100644 --- a/usr.sbin/httpd/server_http.c +++ b/usr.sbin/httpd/server_http.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server_http.c,v 1.95 2015/07/29 22:03:41 reyk Exp $ */ +/* $OpenBSD: server_http.c,v 1.96 2015/07/31 00:10:51 benno Exp $ */ /* * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> @@ -1244,7 +1244,7 @@ server_response_http(struct client *clt, u_int code, return (-1); /* Add error codes */ - if (kv_setkey(&resp->http_pathquery, "%lu", code) == -1 || + if (kv_setkey(&resp->http_pathquery, "%u", code) == -1 || kv_set(&resp->http_pathquery, "%s", error) == -1) return (-1); @@ -1281,7 +1281,7 @@ server_response_http(struct client *clt, u_int code, if ((cl = kv_add(&resp->http_headers, "Strict-Transport-Security", NULL)) == NULL || - kv_set(cl, "max-age=%d%s%s%s", srv_conf->hsts_max_age, + kv_set(cl, "max-age=%d%s%s", srv_conf->hsts_max_age, srv_conf->hsts_flags & HSTSFLAG_SUBDOMAINS ? "; includeSubDomains" : "", srv_conf->hsts_flags & HSTSFLAG_PRELOAD ? |
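Review bot: The corrected `kv_set(cl, "max-age=%d%s%s", ...)` call in server_fcgi_header() is repeated verbatim in server_response_http() (server_http.c, hunk at 1281), and neither site says that the number of `%s` conversions must match the two optional directives, which is presumably how the extra `%s` slipped in. A comment above each call, for example `/* one %s per optional directive: includeSubDomains, preload */`, would make that coupling explicit. This matters because a Strict-Transport-Security value that does not parse is typically ignored by user agents, so the policy stops being enforced without any visible error. `%d` also assumes `hsts_max_age` is an `int`; its declaration is not visible here, but the `__format__` attribute added in httpd.h should now check it at compile time. Both functions begin and end outside their hunks, so the surrounding error handling was not reviewed.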