Commit 7dfd1a1d authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

Fix format string injection in the Connection field for HTTP-served files

(affects HTTP interface and LUA plus HTTP export for DVB and RTP)
parent ad407ff3
......@@ -437,7 +437,7 @@ httpd_FileCallBack( httpd_callback_sys_t *p_sys, httpd_client_t *cl,
psz_connection = httpd_MsgGet( &cl->query, "Connection" );
if( psz_connection != NULL )
{
httpd_MsgAdd( answer, "Connection", psz_connection );
httpd_MsgAdd( answer, "Connection", "%s", psz_connection );
}
httpd_MsgAdd( answer, "Content-Length", "%d", answer->i_body );
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment