diff -r cf91a3a20d0d -r 7b134c27fadb main/task_http.c --- a/main/task_http.c Sun May 19 21:05:07 2019 +0200 +++ b/main/task_http.c Mon Jul 01 23:15:49 2019 +0200 @@ -61,7 +61,7 @@ */ static void http_sendfile(struct netconn *conn, char *url, char *mod_since, char *ipstr) { - char temp_url[128], temp_url_gz[128], header[128], c_type[32]; + char temp_url[128], temp_url_gz[132], header[256], c_type[32]; struct stat st; off_t filesize; size_t sentsize; @@ -85,7 +85,7 @@ break; } } - sprintf(temp_url_gz, "%s.gz", temp_url); + snprintf(temp_url_gz, 131, "%s.gz", temp_url); /* * Get filesize and date for the response headers. @@ -131,7 +131,7 @@ } if (f == NULL) { ESP_LOGI(TAG, "%s url \'%s\' file \'%s\' not found", ipstr, url, temp_url); - http_error(conn, 404, "Not found", "Not found"); + http_error(conn, 404, (char *)"Not found", (char *)"Not found"); return; } @@ -168,9 +168,9 @@ sprintf(header, "HTTP/1.1 200 OK\r\nContent-type: %s\r\n", c_type); } if (send_gz) { - sprintf(header, "%sContent-Encoding: gzip\r\n", header); + strncat(header, "Content-Encoding: gzip\r\n", 255 - strlen(header)); } - sprintf(header, "%s\r\n", header); // Add last empty line. + strncat(header, "\r\n", 255 - strlen(header)); // Add last empty line. err = netconn_write(conn, header, strlen(header), NETCONN_NOCOPY); if (err != ERR_OK) { ESP_LOGE(TAG, "%s sendfile %s%s err=%d on header write", ipstr, temp_url, (send_gz) ? ".gz":"", err); @@ -373,7 +373,8 @@ struct stat st; bool comma = false; while (de) { - sprintf(temp, "/sdcard/w/log/%s", de->d_name); + snprintf(temp, 63, "/sdcard/w/log/"); + strncat(temp, de->d_name, 63 - strlen(temp)); if (stat(temp, &st) == ESP_OK) { fprintf(dest, "%s{\"File\":\"%s\",\"Size\":%ld,\"Date\":%ld}", (comma)?",":"", de->d_name, st.st_size, st.st_mtime); comma = true; @@ -390,7 +391,7 @@ } else { ESP_LOGE(TAG, "Error %d write /spiffs/w/logfiles.json", errno); } - http_sendfile(conn, "/logfiles.json", NULL, ipstr); + http_sendfile(conn, (char *)"/logfiles.json", NULL, ipstr); netconn_close(conn); netconn_delete(conn); netbuf_delete(inbuf); @@ -421,7 +422,7 @@ // websocket for web UI. if ((strstr(buf,"GET /ws ") && strstr(buf,"Upgrade: websocket"))) { - int nr = ws_server_add_client_protocol(conn, buf, buflen, "/ws", "binary", websock_callback); + int nr = ws_server_add_client_protocol(conn, buf, buflen, (char *)"/ws", (char *)"binary", websock_callback); ESP_LOGI(TAG, "%s new websocket on /ws client: %d", ipstr, nr); netbuf_delete(inbuf); TFTstartWS(nr); @@ -435,9 +436,9 @@ if (strstr(buf, "GET /")) { ESP_LOGI(TAG, "%s request: %s", ipstr, buf); - http_error(conn, 404, "Not found", "Not found"); + http_error(conn, 404, (char *)"Not found", (char *)"Not found"); } else { - http_error(conn, 405, "Invalid method", "Invalid method"); + http_error(conn, 405, (char *)"Invalid method", (char *)"Invalid method"); } }