39c1c15163cf86529fdcb102535f639da0bd89f5 galt Sun Feb 5 00:04:41 2017 -0800 Dealing with warnings messages that overflow the 1024 limit buffer. Fullsize warning message still appears in the error log. diff --git src/lib/htmshell.c src/lib/htmshell.c index 1345864..c19528b 100644 --- src/lib/htmshell.c +++ src/lib/htmshell.c @@ -37,38 +37,42 @@ { NoEscape = TRUE; } void htmlDoEscape() { NoEscape = FALSE; } void htmlVaEncodeErrorText(char *format, va_list args) /* Write an error message encoded against XSS. */ { va_list argscp; va_copy(argscp, args); char warning[1024]; -int sz = vaHtmlSafefNoAbort(warning, sizeof(warning), format, args, TRUE, FALSE); -if (sz < 0) - { - safecpy(warning, sizeof(warning), "Low level error in htmlSafef. See error logs for details."); - vfprintf(stderr, format, args); - fprintf(stderr, "\n"); - fflush(stderr); - } + +struct dyString *ds = newDyString(1024); +vaHtmlDyStringPrintf(ds, format, args); +int n = ds->stringSize; +int nLimit = sizeof(warning) - 1; +if (ds->stringSize > nLimit) + n = nLimit; +safencpy(warning, sizeof warning, ds->string, n); +if (ds->stringSize > nLimit) + strcpy(warning+n-5,"[...]"); // indicated trucation +freeDyString(&ds); + fprintf(stdout, "%s\n", warning); /* write warning/error message to stderr so they get logged. */ vfprintf(stderr, format, argscp); fprintf(stderr, "\n"); fflush(stderr); va_end(argscp); } void htmlVaParagraph(char *line, va_list args) /* Print a line in it's own paragraph. */ { fputs("
", stdout); vfprintf(stdout, line, args); fputs("
\n", stdout); @@ -608,35 +612,40 @@ dyStringPrintf(dy,"window.onunload = function(){}; // Trick to avoid FF back button issue.\n"); jsInline(dy->string); dyStringFree(&dy); } void htmlVaWarn(char *format, va_list args) /* Write an error message. */ { va_list argscp; va_copy(argscp, args); htmlWarnBoxSetup(stdout); // sets up the warnBox if it hasn't already been done. char warning[1024]; // html-encode arguments to fight XSS -int sz = vaHtmlSafefNoAbort(warning, sizeof(warning), format, args, TRUE, FALSE); -if (sz < 0) - { - safecpy(warning, sizeof(warning), "Low level error in htmlSafef. See error logs for details."); - } +struct dyString *ds = newDyString(1024); +vaHtmlDyStringPrintf(ds, format, args); +int n = ds->stringSize; +int nLimit = sizeof(warning) - 1; +if (ds->stringSize > nLimit) + n = nLimit; +safencpy(warning, sizeof warning, ds->string, n); +if (ds->stringSize > nLimit) + strcpy(warning+n-5,"[...]"); // show truncation +freeDyString(&ds); // Replace newlines with BR tag char *warningBR = htmlWarnEncode(warning); // Javascript-encode the entire message because it is // going to appear as a javascript string literal // as it gets appended to the warnList html. // JS-encoding here both allows us to use any character in the message // and keeps js-encodings in events like onmouseover="stuff %s|js| stuff" secure. char *jsEncodedMessage = javascriptEncode (warningBR); freeMem(warningBR); struct dyString *dy = dyStringNew(2048); dyStringPrintf(dy, "showWarnBox();" "var warnList=document.getElementById('warnList');"