From 565d6bf012015bb3fbfe3084e9c6789662cd1f78 Mon Sep 17 00:00:00 2001 From: Art Cancro Date: Mon, 27 Sep 2021 19:15:06 -0400 Subject: [PATCH] Added -Wno-format-truncation to the CFLAGS to make it shut up about calls to snprintf(), which are ALREADY BOUNDS CHECKED so it really needs to lighten up, Francis. --- webcit-ng/Makefile | 2 +- webcit-ng/ctdl_commands.c | 14 +++------- webcit-ng/request.c | 54 +++++++++++++++------------------------ 3 files changed, 25 insertions(+), 45 deletions(-) diff --git a/webcit-ng/Makefile b/webcit-ng/Makefile index 645e02606..6afe39a56 100644 --- a/webcit-ng/Makefile +++ b/webcit-ng/Makefile @@ -1,5 +1,5 @@ OBJS := http.o main.o request.o ssl.o static.o tcp_sockets.o webserver.o ctdlclient.o admin_functions.o room_functions.o util.o caldav_reports.o messages.o ctdlfunctions.o ctdl_commands.o forum_view.o html2html.o text2html.o user_functions.o -CFLAGS := -ggdb +CFLAGS := -ggdb -Wno-format-truncation LDFLAGS := # link diff --git a/webcit-ng/ctdl_commands.c b/webcit-ng/ctdl_commands.c index e10ade2af..d50885be9 100644 --- a/webcit-ng/ctdl_commands.c +++ b/webcit-ng/ctdl_commands.c @@ -14,11 +14,8 @@ #include "webcit.h" -/* - * /ctdl/c/info returns a JSON representation of the output of an INFO command. - */ -void serv_info(struct http_transaction *h, struct ctdlsession *c) -{ +// /ctdl/c/info returns a JSON representation of the output of an INFO command. +void serv_info(struct http_transaction *h, struct ctdlsession *c) { char buf[1024]; ctdl_printf(c, "INFO"); @@ -93,11 +90,8 @@ void serv_info(struct http_transaction *h, struct ctdlsession *c) } -/* - * Dispatcher for paths starting with /ctdl/c/ - */ -void ctdl_c(struct http_transaction *h, struct ctdlsession *c) -{ +// Dispatcher for paths starting with /ctdl/c/ +void ctdl_c(struct http_transaction *h, struct ctdlsession *c) { if (!strcasecmp(h->uri, "/ctdl/c/info")) { serv_info(h, c); } else { 
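Review bot: Adding `-Wno-format-truncation` to `CFLAGS` in webcit-ng/Makefile turns the diagnostic off for every object in OBJS, not only for the snprintf() calls the commit message has in mind. A size-bounded snprintf() cannot overflow the buffer, but it can still truncate silently, and truncation is what this warning reports. The `snprintf(koekje, AUTH_MAX, ...)` call in request.c, which this same commit marks `// warn`, ignores the return value, so a cut-short Set-Cookie value would go unnoticed. I would keep the warning enabled and check the return value at the flagged call sites, or limit the suppression to those sites with `#pragma GCC diagnostic ignored "-Wformat-truncation"` inside a `#pragma GCC diagnostic push` / `pop` pair.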
diff --git a/webcit-ng/request.c b/webcit-ng/request.c index 22549c3ec..9f6966b23 100644 --- a/webcit-ng/request.c +++ b/webcit-ng/request.c @@ -1,11 +1,10 @@ -// // This module sits directly above the HTTP layer. By the time we get here, // an HTTP request has been fully received and parsed. Control is passed up // to this layer to actually perform the request. We then fill in the response // and pass control back down to the HTTP layer to output the response back to // the client. // -// Copyright (c) 1996-2018 by the citadel.org team +// Copyright (c) 1996-2021 by the citadel.org team // // This program is open source software. It runs great on the // Linux operating system (and probably elsewhere). You can use, @@ -20,11 +19,8 @@ #include "webcit.h" -/* - * Not found! Wowzers. - */ -void do_404(struct http_transaction *h) -{ +// Not found! Wowzers. +void do_404(struct http_transaction *h) { h->response_code = 404; h->response_string = strdup("NOT FOUND"); add_response_header(h, strdup("Content-type"), strdup("text/plain")); @@ -33,21 +29,15 @@ void do_404(struct http_transaction *h) } -/* - * Precondition failed (such as if-match) - */ -void do_412(struct http_transaction *h) -{ +// Precondition failed (such as if-match) +void do_412(struct http_transaction *h) { h->response_code = 412; h->response_string = strdup("PRECONDITION FAILED"); } -/* - * We throw an HTTP error "502 bad gateway" when we need to connect to Citadel, but can't. - */ -void do_502(struct http_transaction *h) -{ +// We throw an HTTP error "502 bad gateway" when we need to connect to Citadel, but can't. +void do_502(struct http_transaction *h) { h->response_code = 502; h->response_string = strdup("bad gateway"); add_response_header(h, strdup("Content-type"), strdup("text/plain")); 
@@ -58,22 +48,16 @@ void do_502(struct http_transaction *h) } -/* - * Tell the client to authenticate using HTTP-AUTH (RFC 2617) - */ -void request_http_authenticate(struct http_transaction *h) -{ +// Tell the client to authenticate using HTTP-AUTH (RFC 2617) +void request_http_authenticate(struct http_transaction *h) { h->response_code = 401; h->response_string = strdup("Unauthorized"); add_response_header(h, strdup("WWW-Authenticate"), strdup("Basic realm=\"Citadel Server\"")); } -/* - * Easy and fun utility function to throw a redirect. - */ -void http_redirect(struct http_transaction *h, char *to_where) -{ +// Easy and fun utility function to throw a redirect. +void http_redirect(struct http_transaction *h, char *to_where) { syslog(LOG_DEBUG, "Redirecting to: %s", to_where); h->response_code = 302; h->response_string = strdup("Moved Temporarily"); @@ -84,11 +68,8 @@ void http_redirect(struct http_transaction *h, char *to_where) } -/* - * perform_request() is the entry point for *every* HTTP transaction. - */ -void perform_request(struct http_transaction *h) -{ +// perform_request() is the entry point for *every* HTTP transaction. +void perform_request(struct http_transaction *h) { struct ctdlsession *c; // Determine which code path to take based on the beginning of the URI. @@ -99,6 +80,7 @@ void perform_request(struct http_transaction *h) do_404(h); return; } + // Right about here is where we should try to handle anything that doesn't start // with the /ctdl/ prefix. // Root (/) ... @@ -107,6 +89,7 @@ void perform_request(struct http_transaction *h) http_redirect(h, "/ctdl/s/index.html"); return; } + // Legacy URI patterns (/readnew?gotoroom=xxx&start_reading_at=yyy) ... // Direct room name (/my%20blog) ... @@ -126,6 +109,7 @@ void perform_request(struct http_transaction *h) do_404(h); return; } + // Anything below this line: // 1. Is in the format of /ctdl/?/* // 2. Requires a connection to a Citadel server. 
@@ -135,6 +119,7 @@ void perform_request(struct http_transaction *h) do_502(h); return; } + // WebDAV methods like OPTIONS and PROPFIND *require* a logged-in session, // even if the Citadel server allows anonymous access. if (IsEmptyStr(c->auth)) { @@ -148,8 +133,8 @@ void perform_request(struct http_transaction *h) return; } } + // Break down the URI by path and send the request to the appropriate part of the program. - // switch (h->uri[6]) { case 'a': // /ctdl/a/ == RESTful path to admin functions ctdl_a(h, c); @@ -171,10 +156,11 @@ void perform_request(struct http_transaction *h) if (!IsEmptyStr(c->auth)) { char koekje[AUTH_MAX]; char *exp = http_datestring(time(NULL) + (86400 * 30)); - snprintf(koekje, AUTH_MAX, "wcauth=%s; path=/ctdl/; Expires=%s", c->auth, exp); + snprintf(koekje, AUTH_MAX, "wcauth=%s; path=/ctdl/; Expires=%s", c->auth, exp); // warn free(exp); add_response_header(h, strdup("Set-Cookie"), strdup(koekje)); } + // During development we are foiling the browser cache completely. In production we'll be more selective. add_response_header(h, strdup("Cache-Control"), strdup("no-store, must-revalidate")); add_response_header(h, strdup("Pragma"), strdup("no-cache")); -- 2.39.2
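Review bot: The `snprintf(koekje, AUTH_MAX, ...)` call in the last request.c hunk still discards its return value, so if `c->auth` plus the path and Expires attributes do not fit in AUTH_MAX bytes, the cookie is silently cut short and sent anyway. Capture the result and skip the header on truncation, e.g. `int n = snprintf(koekje, sizeof koekje, "wcauth=%s; path=/ctdl/; Expires=%s", c->auth, exp);` followed by `if (n > 0 && n < (int) sizeof koekje) add_response_header(h, strdup("Set-Cookie"), strdup(koekje));`. The trailing `// warn` comment does not say what it warns about; something like `// -Wformat-truncation fires here: output may exceed AUTH_MAX` would be clearer, if that is indeed the reason. Since wcauth carries the session's auth value, consider whether the cookie should also carry `HttpOnly` (and `Secure` when served over TLS), as the string here sets neither. perform_request() starts and ends outside this hunk.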