Utils: Replace stringtf with a type-safe version that can't overflow

This commit is contained in:
Peter Keresztes Schmidt 2021-03-05 22:24:33 +01:00 committed by Peter Keresztes Schmidt
parent 9e77324de4
commit 0796a2262e
4 changed files with 16 additions and 34 deletions

View File

@ -2,6 +2,7 @@ target_compile_options(zm-warning-interface
INTERFACE INTERFACE
-Wall -Wall
-Wextra -Wextra
-Wformat-security
-Wno-cast-function-type -Wno-cast-function-type
-Wno-type-limits -Wno-type-limits
-Wno-unused-parameter) -Wno-unused-parameter)

View File

@ -105,7 +105,7 @@ void RemoteCameraHttp::Initialise() {
request += stringtf( "User-Agent: %s/%s\r\n", config.http_ua, ZM_VERSION ); request += stringtf( "User-Agent: %s/%s\r\n", config.http_ua, ZM_VERSION );
request += stringtf( "Host: %s\r\n", host.c_str()); request += stringtf( "Host: %s\r\n", host.c_str());
if ( strcmp( config.http_version, "1.0" ) == 0 ) if ( strcmp( config.http_version, "1.0" ) == 0 )
request += stringtf( "Connection: Keep-Alive\r\n" ); request += "Connection: Keep-Alive\r\n";
if ( !auth.empty() ) if ( !auth.empty() )
request += stringtf( "Authorization: Basic %s\r\n", auth64.c_str() ); request += stringtf( "Authorization: Basic %s\r\n", auth64.c_str() );
request += "\r\n"; request += "\r\n";
@ -362,7 +362,7 @@ int RemoteCameraHttp::GetResponse() {
request += stringtf( "User-Agent: %s/%s\r\n", config.http_ua, ZM_VERSION ); request += stringtf( "User-Agent: %s/%s\r\n", config.http_ua, ZM_VERSION );
request += stringtf( "Host: %s\r\n", host.c_str()); request += stringtf( "Host: %s\r\n", host.c_str());
if ( strcmp( config.http_version, "1.0" ) == 0 ) if ( strcmp( config.http_version, "1.0" ) == 0 )
request += stringtf( "Connection: Keep-Alive\r\n" ); request += "Connection: Keep-Alive\r\n";
request += mAuthenticator->getAuthHeader( "GET", path.c_str() ); request += mAuthenticator->getAuthHeader( "GET", path.c_str() );
request += "\r\n"; request += "\r\n";
@ -738,7 +738,7 @@ int RemoteCameraHttp::GetResponse() {
request += stringtf("User-Agent: %s/%s\r\n", config.http_ua, ZM_VERSION); request += stringtf("User-Agent: %s/%s\r\n", config.http_ua, ZM_VERSION);
request += stringtf("Host: %s\r\n", host.c_str()); request += stringtf("Host: %s\r\n", host.c_str());
if ( strcmp(config.http_version, "1.0") == 0 ) if ( strcmp(config.http_version, "1.0") == 0 )
request += stringtf("Connection: Keep-Alive\r\n"); request += "Connection: Keep-Alive\r\n";
request += mAuthenticator->getAuthHeader("GET", path.c_str()); request += mAuthenticator->getAuthHeader("GET", path.c_str());
request += "\r\n"; request += "\r\n";

View File

@ -65,34 +65,6 @@ std::string replaceAll(std::string str, std::string from, std::string to) {
return str; return str;
} }
const std::string stringtf( const char *format, ... ) {
va_list ap;
char tempBuffer[8192];
std::string tempString;
va_start(ap, format);
vsnprintf(tempBuffer, sizeof(tempBuffer), format , ap);
va_end(ap);
tempString = tempBuffer;
return tempString;
}
const std::string stringtf(const std::string format, ...) {
va_list ap;
char tempBuffer[8192];
std::string tempString;
va_start(ap, format);
vsnprintf(tempBuffer, sizeof(tempBuffer), format.c_str(), ap);
va_end(ap);
tempString = tempBuffer;
return tempString;
}
bool startsWith(const std::string &haystack, const std::string &needle) { bool startsWith(const std::string &haystack, const std::string &needle) {
return ( haystack.substr(0, needle.length()) == needle ); return ( haystack.substr(0, needle.length()) == needle );
} }

View File

@ -23,8 +23,9 @@
#include <chrono> #include <chrono>
#include <ctime> #include <ctime>
#include <memory> #include <memory>
#include <sys/time.h> #include <stdexcept>
#include <string> #include <string>
#include <sys/time.h>
#include <vector> #include <vector>
typedef std::vector<std::string> StringVector; typedef std::vector<std::string> StringVector;
@ -33,8 +34,16 @@ std::string trimSpaces(const std::string &str);
std::string trimSet(std::string str, std::string trimset); std::string trimSet(std::string str, std::string trimset);
std::string replaceAll(std::string str, std::string from, std::string to); std::string replaceAll(std::string str, std::string from, std::string to);
const std::string stringtf( const char *format, ... ); template<typename... Args>
const std::string stringtf( const std::string &format, ... ); std::string stringtf(const std::string &format, Args... args) {
int size = snprintf(nullptr, 0, format.c_str(), args...) + 1; // Extra space for '\0'
if (size <= 0) {
throw std::runtime_error("Error during formatting.");
}
std::unique_ptr<char[]> buf(new char[size]);
snprintf(buf.get(), size, format.c_str(), args...);
return std::string(buf.get(), buf.get() + size - 1); // We don't want the '\0' inside
}
bool startsWith( const std::string &haystack, const std::string &needle ); bool startsWith( const std::string &haystack, const std::string &needle );
StringVector split( const std::string &string, const std::string &chars, int limit=0 ); StringVector split( const std::string &string, const std::string &chars, int limit=0 );