From 1292992f6ff690f228da9e31a54f5474f278cdf2 Mon Sep 17 00:00:00 2001
From: Ron Pedde
Date: Sun, 21 Oct 2007 22:51:01 +0000
Subject: [PATCH] Fix for format string vulnerability, reported as UnprotectedHex.com advisory UPH-07-03 by nnp (no CVE yet)
---
 src/webserver.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/webserver.c b/src/webserver.c
index 3df449d4..514bf7b3 100644
--- a/src/webserver.c
+++ b/src/webserver.c
@@ -1134,8 +1134,8 @@ void *ws_dispatcher(void *arg) {
 if((auth) && (ws_decodepassword(auth,&username, &password))) {
 if(auth_handler(pwsc,username,password))
 can_dispatch=1;
- ws_addarg(&pwsc->request_vars,"HTTP_USER",username);
- ws_addarg(&pwsc->request_vars,"HTTP_PASSWD",password);
+ ws_addarg(&pwsc->request_vars,"HTTP_USER","%s",username);
+ ws_addarg(&pwsc->request_vars,"HTTP_PASSWD","%s",password);
 free(username); /* this frees password too */
 }
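Review bot: Adding `"%s"` at these two `ws_addarg` calls closes the sites named in the advisory, but nothing in the change stops another caller from passing request data as the format again. The calls show that the third parameter is a printf-style format, so the declaration (outside this hunk) should carry `__attribute__((format(printf, 3, 4)))`, and the build should enable `-Wformat -Wformat-security` so the compiler flags any non-literal format. Both calls run whether or not `auth_handler` accepted the credentials, so the values decoded from `auth` reached the format string before authentication; the remaining `ws_addarg` call sites in webserver.c are worth auditing in the same change. Keeping the clear-text password in `request_vars` under `HTTP_PASSWD` also deserves a comment naming the handlers that need it, since anything that dumps those variables would presumably expose it. The body of ws_dispatcher starts and ends outside the hunk.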