Hi Donovan, thanks for your help, i committed this.
/Benno
Donovan Watteau(tso...@gmail.com) on 2015.07.30 22:32:41 +0200:
> Hi,
>
> I was playing a bit with httpd(8) new "hsts" setting when some
> trivial tests with Firefox would sometimes give the following error:
>
> The site specified an invalid Strict-Transport-Security header.
>
> Some pages would also load and reload a few times before appearing in
> the browser.
>
> curl would show something strange.
>
> $ curl -s -D- https://www.example.com/ | grep ^Strict
> Strict-Transport-Security: max-age=31536000; includeSubDomains??
> ^^
> random junk
>
> It looks like there were some wrong calls to kv_set() and kv_setkey(),
> which were easier to find with some __printf__ attributes.
>
> The following diff is an attempt at fixing these.
>
> Cheers.
>
> Index: httpd.h
> ===================================================================
> RCS file: /cvs/src/usr.sbin/httpd/httpd.h,v
> retrieving revision 1.94
> diff -u -p -u -r1.94 httpd.h
> --- httpd.h 29 Jul 2015 22:03:41 -0000 1.94
> +++ httpd.h 30 Jul 2015 20:17:35 -0000
> @@ -635,8 +635,8 @@ u_int32_t prefixlen2mask(u_int8_t);
> int accept_reserve(int, struct sockaddr *, socklen_t *, int,
> volatile int *);
> struct kv *kv_add(struct kvtree *, char *, char *);
> -int kv_set(struct kv *, char *, ...);
> -int kv_setkey(struct kv *, char *, ...);
> +int kv_set(struct kv *, char *, ...) __attribute__((__format__
> (printf, 2, 3)));
> +int kv_setkey(struct kv *, char *, ...) __attribute__((__format__
> (printf, 2, 3)));
> void kv_delete(struct kvtree *, struct kv *);
> struct kv *kv_extend(struct kvtree *, struct kv *, char *);
> void kv_purge(struct kvtree *);
> Index: server_fcgi.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/httpd/server_fcgi.c,v
> retrieving revision 1.61
> diff -u -p -u -r1.61 server_fcgi.c
> --- server_fcgi.c 29 Jul 2015 22:03:41 -0000 1.61
> +++ server_fcgi.c 30 Jul 2015 20:17:35 -0000
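Review bot: In httpd.h the two new declarations keep the attribute on the same line as the prototype, which pushes both past 80 columns; the mail wrapped them, so the `(printf, 2, 3)));` tail sits on its own quoted line and the patch as quoted would need re-joining before it applies. Moving the attribute to a continuation line keeps each line short: `int kv_set(struct kv *, char *, ...)` followed by an indented `__attribute__((__format__ (printf, 2, 3)));`, and the same for kv_setkey(). Separately, the format parameter is declared `char *` although every caller shown in this diff passes a string literal; `const char *` would be the usual type for a printf-style format, but the definitions are outside this diff and would need the matching change.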
> @@ -603,7 +603,7 @@ server_fcgi_header(struct client *clt, u
> return (-1);
>
> /* Add error codes */
> - if (kv_setkey(&resp->http_pathquery, "%lu", code) == -1 ||
> + if (kv_setkey(&resp->http_pathquery, "%u", code) == -1 ||
> kv_set(&resp->http_pathquery, "%s", error) == -1)
> return (-1);
>
> @@ -640,7 +640,7 @@ server_fcgi_header(struct client *clt, u
> if ((cl =
> kv_add(&resp->http_headers, "Strict-Transport-Security",
> NULL)) == NULL ||
> - kv_set(cl, "max-age=%d%s%s%s", srv_conf->hsts_max_age,
> + kv_set(cl, "max-age=%d%s%s", srv_conf->hsts_max_age,
> srv_conf->hsts_flags & HSTSFLAG_SUBDOMAINS ?
> "; includeSubDomains" : "",
> srv_conf->hsts_flags & HSTSFLAG_PRELOAD ?
> Index: server_http.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v
> retrieving revision 1.95
> diff -u -p -u -r1.95 server_http.c
> --- server_http.c 29 Jul 2015 22:03:41 -0000 1.95
> +++ server_http.c 30 Jul 2015 20:17:36 -0000
> @@ -1244,7 +1244,7 @@ server_response_http(struct client *clt,
> return (-1);
>
> /* Add error codes */
> - if (kv_setkey(&resp->http_pathquery, "%lu", code) == -1 ||
> + if (kv_setkey(&resp->http_pathquery, "%u", code) == -1 ||
> kv_set(&resp->http_pathquery, "%s", error) == -1)
> return (-1);
>
> @@ -1281,7 +1281,7 @@ server_response_http(struct client *clt,
> if ((cl =
> kv_add(&resp->http_headers, "Strict-Transport-Security",
> NULL)) == NULL ||
> - kv_set(cl, "max-age=%d%s%s%s", srv_conf->hsts_max_age,
> + kv_set(cl, "max-age=%d%s%s", srv_conf->hsts_max_age,
> srv_conf->hsts_flags & HSTSFLAG_SUBDOMAINS ?
> "; includeSubDomains" : "",
> srv_conf->hsts_flags & HSTSFLAG_PRELOAD ?
> --
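Review bot: The Strict-Transport-Security construction in the server_fcgi.c hunk at 640 is the same statement as the one in the server_http.c hunk at 1281, and both copies carried the same surplus `%s`, so the header is built in two places that have to be corrected in lockstep. A small shared helper declared in httpd.h that takes the header tree and `srv_conf` and performs the kv_add()/kv_set() pair would leave a single format string to audit. As far as the visible argument list shows, the extra conversion made kv_set() consume an argument that was never passed, which is undefined behaviour and matches the junk bytes reported in the response header; a short comment above the call such as `/* one %s per optional directive below */` would help whoever adds the next directive. The `/* Add error codes */` hunks at 603 and 1244 are duplicated in the same way. The kv_set() argument list continues past the end of both HSTS hunks, so the rest of the call is not visible here.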