Buffer overflow in client_error

[nezza]

After having a quick look at the code I think you should put a big warning on the README that this code is not at all ready for anything that listens on a public port. Besides the stack overflow that was already reported by MagicalTux there's also this code which will cause a bufferoverflow if msg & longmsg are too long:

void client_error(int fd, int status, char *msg, char *longmsg){
    char buf[MAXLINE];
    sprintf(buf, "HTTP/1.1 %d %s\r\n", status, msg);
    sprintf(buf + strlen(buf),
            "Content-length: %lu\r\n\r\n", strlen(longmsg));
    sprintf(buf + strlen(buf), "%s", longmsg);
    writen(fd, buf, strlen(buf));
}

Pretty sure this is not the only problem remaining.

[MagicalTux]

Should be using nprintf()

[nezza]

And how is nprintf more secure?

[MagicalTux]

nprintf() dynamically allocates buffer space to fit the whole string and will not overflow the buffer.

[nezza]

nprintf() NOW dynamically allocates buffer space. As you know. Because you fixed it. #14