|
@@ -3074,7 +3074,7 @@ static int authorize(struct mg_connection *conn, struct file *filep)
|
|
|
/* Loop over passwords file */
|
|
|
p = (char *) filep->membuf;
|
|
|
while (mg_fgets(line, sizeof(line), filep, &p) != NULL) {
|
|
|
- if (sscanf(line, "%[^:]:%[^:]:%255s", f_user, f_domain, ha1) != 3) {
|
|
|
+ if (sscanf(line, "%255[^:]:%255[^:]:%255s", f_user, f_domain, ha1) != 3) {
|
|
|
continue;
|
|
|
}
|
|
|
|
|
@@ -3195,7 +3195,7 @@ int mg_modify_passwords_file(const char *fname, const char *domain,
|
|
|
|
|
|
/* Copy the stuff to temporary file */
|
|
|
while (fgets(line, sizeof(line), fp) != NULL) {
|
|
|
- if (sscanf(line, "%[^:]:%[^:]:%*s", u, d) != 2) {
|
|
|
+ if (sscanf(line, "%255[^:]:%255[^:]:%*s", u, d) != 2) {
|
|
|
continue;
|
|
|
}
|
|
|
|
|
@@ -4397,23 +4397,23 @@ static void send_ssi_file(struct mg_connection *, const char *,
|
|
|
static void do_ssi_include(struct mg_connection *conn, const char *ssi,
|
|
|
char *tag, int include_level)
|
|
|
{
|
|
|
- char file_name[MG_BUF_LEN], path[PATH_MAX], *p;
|
|
|
+ char file_name[MG_BUF_LEN], path[512], *p;
|
|
|
struct file file = STRUCT_FILE_INITIALIZER;
|
|
|
size_t len;
|
|
|
|
|
|
/* sscanf() is safe here, since send_ssi_file() also uses buffer
|
|
|
of size MG_BUF_LEN to get the tag. So strlen(tag) is
|
|
|
always < MG_BUF_LEN. */
|
|
|
- if (sscanf(tag, " virtual=\"%[^\"]\"", file_name) == 1) {
|
|
|
+ if (sscanf(tag, " virtual=\"%511[^\"]\"", file_name) == 1) {
|
|
|
/* File name is relative to the webserver root */
|
|
|
(void) mg_snprintf(conn, path, sizeof(path), "%s%c%s",
|
|
|
conn->ctx->config[DOCUMENT_ROOT], '/', file_name);
|
|
|
- } else if (sscanf(tag, " abspath=\"%[^\"]\"", file_name) == 1) {
|
|
|
+ } else if (sscanf(tag, " abspath=\"%511[^\"]\"", file_name) == 1) {
|
|
|
/* File name is relative to the webserver working directory
|
|
|
or it is absolute system path */
|
|
|
(void) mg_snprintf(conn, path, sizeof(path), "%s", file_name);
|
|
|
- } else if (sscanf(tag, " file=\"%[^\"]\"", file_name) == 1 ||
|
|
|
- sscanf(tag, " \"%[^\"]\"", file_name) == 1) {
|
|
|
+ } else if (sscanf(tag, " file=\"%511[^\"]\"", file_name) == 1 ||
|
|
|
+ sscanf(tag, " \"%511[^\"]\"", file_name) == 1) {
|
|
|
/* File name is relative to the currect document */
|
|
|
(void) mg_snprintf(conn, path, sizeof(path), "%s", ssi);
|
|
|
if ((p = strrchr(path, '/')) != NULL) {
|
|
@@ -4444,10 +4444,10 @@ static void do_ssi_include(struct mg_connection *conn, const char *ssi,
|
|
|
#if !defined(NO_POPEN)
|
|
|
static void do_ssi_exec(struct mg_connection *conn, char *tag)
|
|
|
{
|
|
|
- char cmd[MG_BUF_LEN] = "";
|
|
|
+ char cmd[1024] = "";
|
|
|
struct file file = STRUCT_FILE_INITIALIZER;
|
|
|
|
|
|
- if (sscanf(tag, " \"%[^\"]\"", cmd) != 1) {
|
|
|
+ if (sscanf(tag, " \"%1023[^\"]\"", cmd) != 1) {
|
|
|
mg_cry(conn, "Bad SSI #exec: [%s]", tag);
|
|
|
} else if ((file.fp = popen(cmd, "r")) == NULL) {
|
|
|
mg_cry(conn, "Cannot SSI #exec: [%s]: %s", cmd, strerror(ERRNO));
|
|
@@ -5637,7 +5637,7 @@ static int parse_port_string(const struct vec *vec, struct socket *so)
|
|
|
port = len = 0; /* Parsing failure. Make port invalid. */
|
|
|
}
|
|
|
|
|
|
- assert((len>=0) && (len<=vec->len)); /* sscanf and the option splitting code ensure this condition */
|
|
|
+ assert((len>=0) && ((unsigned)len<=(unsigned)vec->len)); /* sscanf and the option splitting code ensure this condition */
|
|
|
ch = vec->ptr[len]; /* Next character after the port number */
|
|
|
so->is_ssl = ch == 's';
|
|
|
so->ssl_redir = ch == 'r';
|