I think it's easier to use a single snprintf call. Also drop a few
unnecessary parentheses.
Index: server_file.c
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/server_file.c,v
retrieving revision 1.71
diff -u -p -r1.71 server_file.c
--- server_file.c 27 Feb 2022 20:30:30 -0000 1.71
+++ server_file.c 28 Feb 2022 06:44:34 -0000
@@ -253,14 +253,11 @@ server_file_request(struct httpd *env, s
if (r != NULL && strstr(r->kv_value, "gzip") != NULL) {
/* append ".gz" to path and check existence */
- if (strlcpy(gzpath, path, sizeof(gzpath)) >=
- sizeof(gzpath) ||
- strlcat(gzpath, ".gz", sizeof(gzpath)) >=
- sizeof(gzpath))
+ ret = snprintf(gzpath, sizeof(gzpath), "%s.gz", path);
+ if (ret < 0 || (size_t)ret >= sizeof(gzpath))
goto abort;
-
- if ((access(gzpath, R_OK) == 0) &&
- (stat(gzpath, &gzst) == 0)) {
+ if (access(gzpath, R_OK) == 0 &&
+ stat(gzpath, &gzst) == 0) {
path = gzpath;
st = &gzst;
kv_add(&resp->http_headers,
