diff --git a/libupnp/README b/libupnp/README index c3f104a..7275c3a 100644 --- a/libupnp/README +++ b/libupnp/README @@ -2,6 +2,7 @@ Linux* SDK for UPnP* Devices (libupnp) Copyright (c) 2000-2003 Intel Corporation - All Rights Reserved. Copyright (c) 2005-2006 Rémi Turboult +Copyright (c) 2006 Michel Pfeiffer and others See LICENSE for details. @@ -118,6 +119,14 @@ All pieces of the SDK are configured and built from the $(LIBUPNP) directory. will build a version of the binaries without debug support, and with default options enabled (see below for options available at configure time). +% cd $(LIBUPNP) +% ./configure CFLAGS="-DSPARC_SOLARIS -mtune= -mcpu=" +% make + +will build a Sparc Solaris version of the binaries without debug support +and with default options enabled (see below for options available at +configure time). Please note: has to be replaced by a token that +fits to your platform and CPU (e.g. "supersparc"). To build the documentation, assuming all the necessary tools are installed (see section 3) : diff --git a/libupnp/ixml/src/ixmlparser.c b/libupnp/ixml/src/ixmlparser.c index 6a4ffb2..50400b7 100644 --- a/libupnp/ixml/src/ixmlparser.c +++ b/libupnp/ixml/src/ixmlparser.c @@ -1712,11 +1712,13 @@ Parser_xmlNamespace( IN Parser * xmlParser, if( pCur->namespaceUri != NULL ) { free( pCur->namespaceUri ); } - - pCur->namespaceUri = strdup( newNode->nodeValue ); - if( pCur->namespaceUri == NULL ) { - return IXML_INSUFFICIENT_MEMORY; - } +///here it goes to segfault on "" when not copying + if(newNode->nodeValue){ + pCur->namespaceUri = strdup( newNode->nodeValue ); + if( pCur->namespaceUri == NULL ) { + return IXML_INSUFFICIENT_MEMORY; + } + } } else if( strncmp( newNode->nodeName, "xmlns:", strlen( "xmlns:" ) ) == 0 ) { // namespace definition rc = Parser_setNodePrefixAndLocalName( newNode ); @@ -2458,7 +2460,8 @@ Parser_getNextNode( IN Parser * xmlParser, *bETag = TRUE; return IXML_SUCCESS; - } else if( xmlParser->state == eATTRIBUTE ) { + } else if( (xmlParser->state == eATTRIBUTE) && + (xmlParser->pCurElement != NULL) ) { if( Parser_processAttribute( xmlParser, node ) != IXML_SUCCESS ) { return IXML_SYNTAX_ERR; diff --git a/libupnp/ixml/src/node.c b/libupnp/ixml/src/node.c index a445de5..01e8d59 100644 --- a/libupnp/ixml/src/node.c +++ b/libupnp/ixml/src/node.c @@ -929,6 +929,7 @@ ixmlNode_cloneElement( IN IXML_Element * nodeptr ) rc = ixmlElement_setTagName( newElement, nodeptr->tagName ); if( rc != IXML_SUCCESS ) { ixmlElement_free( newElement ); + return NULL; } elementNode = ( IXML_Node * ) newElement; @@ -936,26 +937,31 @@ ixmlNode_cloneElement( IN IXML_Element * nodeptr ) rc = ixmlNode_setNodeName( elementNode, srcNode->nodeName ); if( rc != IXML_SUCCESS ) { ixmlElement_free( newElement ); + return NULL; } rc = ixmlNode_setNodeValue( elementNode, srcNode->nodeValue ); if( rc != IXML_SUCCESS ) { ixmlElement_free( newElement ); + return NULL; } rc = ixmlNode_setNamespaceURI( elementNode, srcNode->namespaceURI ); if( rc != IXML_SUCCESS ) { ixmlElement_free( newElement ); + return NULL; } rc = ixmlNode_setPrefix( elementNode, srcNode->prefix ); if( rc != IXML_SUCCESS ) { ixmlElement_free( newElement ); + return NULL; } rc = ixmlNode_setLocalName( elementNode, srcNode->localName ); if( rc != IXML_SUCCESS ) { ixmlElement_free( newElement ); + return NULL; } elementNode->nodeType = eELEMENT_NODE; @@ -1247,6 +1253,10 @@ ixmlNode_cloneNodeTree( IN IXML_Node * nodeptr, case eDOCUMENT_TYPE_NODE: case eDOCUMENT_FRAGMENT_NODE: case eNOTATION_NODE: +/* create a new node here? newNode = (IXML_Node *)malloc(sizeof(IXML_Node)); + if( newNode == NULL ) { + return NULL; + }*/ break; } diff --git a/libupnp/ixml/src/nodeList.c b/libupnp/ixml/src/nodeList.c index a7f5dbd..aadd158 100644 --- a/libupnp/ixml/src/nodeList.c +++ b/libupnp/ixml/src/nodeList.c @@ -75,6 +75,8 @@ ixmlNodeList_item( IXML_NodeList * nList, next = next->next; } + if( next == NULL ) return NULL; + return next->nodeItem; } diff --git a/libupnp/threadutil/src/iasnprintf.c b/libupnp/threadutil/src/iasnprintf.c index dd2bd16..1a8d03d 100644 --- a/libupnp/threadutil/src/iasnprintf.c +++ b/libupnp/threadutil/src/iasnprintf.c @@ -64,6 +64,8 @@ iasnprintf( char **ret, assert( fmt ); ( *ret ) = ( char * )malloc( incr ); + if( ( *ret ) == NULL ) return -1; + while( 1 ) { va_start( ap, fmt ); retc = vsnprintf( ( *ret ), size, fmt, ap ); diff --git a/libupnp/upnp/inc/upnp.h b/libupnp/upnp/inc/upnp.h index 0b71940..63cf506 100644 --- a/libupnp/upnp/inc/upnp.h +++ b/libupnp/upnp/inc/upnp.h @@ -50,6 +50,7 @@ #include +#define NUM_HANDLE 200 #define LINE_SIZE 180 #define NAME_SIZE 256 #define MNFT_NAME_SIZE 64 diff --git a/libupnp/upnp/src/api/upnpapi.c b/libupnp/upnp/src/api/upnpapi.c index 40764e6..59f57eb 100644 --- a/libupnp/upnp/src/api/upnpapi.c +++ b/libupnp/upnp/src/api/upnpapi.c @@ -2501,6 +2501,9 @@ UpnpSendAction( IN UpnpClient_Handle Hnd, DBGONLY( UpnpPrintf( UPNP_ALL, API, __FILE__, __LINE__, "Inside UpnpSendAction \n" ); ) + if(DevUDN_const !=NULL) + DBGONLY(UpnpPrintf(UPNP_ALL,API,__FILE__,__LINE__,"non NULL DevUDN is ignored\n");); + DevUDN_const = NULL; HandleLock( ); if( GetHandleInfo( Hnd, &SInfo ) != HND_CLIENT ) { @@ -2512,8 +2515,10 @@ UpnpSendAction( IN UpnpClient_Handle Hnd, if( ActionURL == NULL ) { return UPNP_E_INVALID_PARAM; } + if( ServiceType == NULL || Action == NULL || RespNodePtr == NULL || DevUDN_const != NULL ) { + return UPNP_E_INVALID_PARAM; } @@ -4237,6 +4242,7 @@ UpnpSetMaxContentLength ( ) { int errCode = UPNP_E_SUCCESS; + struct Handle_Info *HInfo = NULL; do { if( UpnpSdkInit != 1 ) { @@ -4244,10 +4250,25 @@ UpnpSetMaxContentLength ( break; } + HandleLock( ); + + errCode = GetHandleInfo( Hnd, &HInfo ); + + if( errCode != HND_DEVICE ) { + errCode = UPNP_E_INVALID_HANDLE; + break; + } + + if( contentLength > MAX_SOAP_CONTENT_LENGTH ) { + errCode = UPNP_E_OUTOF_BOUNDS; + break; + } + g_maxContentLength = contentLength; } while( 0 ); + HandleUnlock( ); return errCode; } diff --git a/libupnp/upnp/src/gena/gena_ctrlpt.c b/libupnp/upnp/src/gena/gena_ctrlpt.c index 0a2bbf8..81ed739 100644 --- a/libupnp/upnp/src/gena/gena_ctrlpt.c +++ b/libupnp/upnp/src/gena/gena_ctrlpt.c @@ -283,9 +283,11 @@ gena_subscribe( IN char *url, *sid = NULL; // init // request timeout to string - if( ( timeout == NULL ) || - ( ( *timeout > 0 ) - && ( *timeout < CP_MINIMUM_SUBSCRIPTION_TIME ) ) ) { + if ( timeout == NULL ) { + timeout = (int *)malloc(sizeof(int)); + if(timeout == 0) return UPNP_E_OUTOF_MEMORY; + sprintf( timeout_str, "%d", CP_MINIMUM_SUBSCRIPTION_TIME ); + } else if( ( *timeout > 0 )&& ( *timeout < CP_MINIMUM_SUBSCRIPTION_TIME ) ) { sprintf( timeout_str, "%d", CP_MINIMUM_SUBSCRIPTION_TIME ); } else if( *timeout >= 0 ) { sprintf( timeout_str, "%d", *timeout ); diff --git a/libupnp/upnp/src/genlib/client_table/client_table.c b/libupnp/upnp/src/genlib/client_table/client_table.c index 81741cf..1b6dd45 100644 --- a/libupnp/upnp/src/genlib/client_table/client_table.c +++ b/libupnp/upnp/src/genlib/client_table/client_table.c @@ -61,9 +61,13 @@ CLIENTONLY( int copy_client_subscription( client_subscription * in, memcpy( out->sid, in->sid, SID_SIZE ); out->sid[SID_SIZE] = 0; out->ActualSID = ( char * )malloc( len ); + if( out->ActualSID == NULL ) + return UPNP_E_OUTOF_MEMORY; out->EventURL = ( char * )malloc( len1 ); - if( ( out->EventURL == NULL ) || ( out->ActualSID == NULL ) ) - return UPNP_E_OUTOF_MEMORY; + if( out->EventURL == NULL ) { + free(out->ActualSID); + return UPNP_E_OUTOF_MEMORY; + } memcpy( out->ActualSID, in->ActualSID, len ); memcpy( out->EventURL, in->EventURL, len1 ); //copies do not get RenewEvent Ids or next diff --git a/libupnp/upnp/src/genlib/miniserver/miniserver.c b/libupnp/upnp/src/genlib/miniserver/miniserver.c index 150b0be..5255c15 100644 --- a/libupnp/upnp/src/genlib/miniserver/miniserver.c +++ b/libupnp/upnp/src/genlib/miniserver/miniserver.c @@ -783,11 +783,13 @@ StartMiniServer( unsigned short listen_port ) if( ( success = get_ssdp_sockets( miniSocket ) ) != UPNP_E_SUCCESS ) { - free( miniSocket ); shutdown( miniSocket->miniServerSock, SD_BOTH ); UpnpCloseSocket( miniSocket->miniServerSock ); shutdown( miniSocket->miniServerStopSock, SD_BOTH ); UpnpCloseSocket( miniSocket->miniServerStopSock ); + + free( miniSocket ); + return success; } diff --git a/libupnp/upnp/src/genlib/net/http/httpparser.c b/libupnp/upnp/src/genlib/net/http/httpparser.c index a2131e2..bc96a45 100644 --- a/libupnp/upnp/src/genlib/net/http/httpparser.c +++ b/libupnp/upnp/src/genlib/net/http/httpparser.c @@ -1684,6 +1684,7 @@ parser_parse_headers( INOUT http_parser_t * parser ) || membuffer_assign( &header->value, hdr_value.buf, hdr_value.length ) != 0 ) { // not enuf mem + free (header); parser->http_error_code = HTTP_INTERNAL_SERVER_ERROR; return PARSE_FAILURE; } @@ -1695,10 +1696,12 @@ parser_parse_headers( INOUT http_parser_t * parser ) ListAddTail( &parser->msg.headers, header ); //NNS: ret = dlist_append( &parser->msg.headers, header ); +/** remove that? */ if( ret == UPNP_E_OUTOF_MEMORY ) { parser->http_error_code = HTTP_INTERNAL_SERVER_ERROR; return PARSE_FAILURE; } +/** end of remove that? */ } else if( hdr_value.length > 0 ) { // // append value to existing header diff --git a/libupnp/upnp/src/genlib/net/http/httpreadwrite.c b/libupnp/upnp/src/genlib/net/http/httpreadwrite.c index 74bb476..8e9fb1e 100644 --- a/libupnp/upnp/src/genlib/net/http/httpreadwrite.c +++ b/libupnp/upnp/src/genlib/net/http/httpreadwrite.c @@ -854,7 +854,7 @@ http_WriteHttpPost( IN void *Handle, if( ( !handle ) || ( !size ) || ( ( ( *size ) > 0 ) && !buf ) || ( ( *size ) < 0 ) ) { - ( *size ) = 0; + if(size) ( *size ) = 0; return UPNP_E_INVALID_PARAM; } if( handle->contentLength == UPNP_USING_CHUNKED ) { @@ -864,6 +864,9 @@ http_WriteHttpPost( IN void *Handle, tempbuf = ( char * )malloc( ( *size ) + CHUNK_HEADER_SIZE + CHUNK_TAIL_SIZE ); + + if ( tempbuf == NULL) return UPNP_E_OUTOF_MEMORY; + sprintf( tempbuf, "%x\r\n", ( *size ) ); //begin chunk tempSize = strlen( tempbuf ); memcpy( tempbuf + tempSize, buf, ( *size ) ); @@ -1300,7 +1303,7 @@ http_ReadHttpGet( IN void *Handle, if( ( !handle ) || ( !size ) || ( ( ( *size ) > 0 ) && !buf ) || ( ( *size ) < 0 ) ) { - ( *size ) = 0; + if(size) ( *size ) = 0; return UPNP_E_INVALID_PARAM; } //first parse what has already been gotten @@ -2388,7 +2391,7 @@ get_sdk_info( OUT char *info ) *info = '\0'; } - sprintf( info, "%s/%s, UPnP/1.0, Intel SDK for UPnP devices/" + sprintf( info, "%s/%s, UPnP/1.0, Portable SDK for UPnP devices/" PACKAGE_VERSION "\r\n", sys_info.sysname, sys_info.release ); } diff --git a/libupnp/upnp/src/genlib/net/http/webserver.c b/libupnp/upnp/src/genlib/net/http/webserver.c index b3a22fe..c9e93e7 100644 --- a/libupnp/upnp/src/genlib/net/http/webserver.c +++ b/libupnp/upnp/src/genlib/net/http/webserver.c @@ -1550,6 +1550,7 @@ http_RecvPostMessage( http_parser_t * parser, && ( status != PARSE_CONTINUE_1 ) && ( status != PARSE_INCOMPLETE ) ) { //error + fclose( Fp ); return HTTP_BAD_REQUEST; } //read more if necessary entity diff --git a/libupnp/upnp/src/inc/upnpapi.h b/libupnp/upnp/src/inc/upnpapi.h index 6bb9b9b..74293ad 100644 --- a/libupnp/upnp/src/inc/upnpapi.h +++ b/libupnp/upnp/src/inc/upnpapi.h @@ -54,7 +54,10 @@ #define DEFAULT_MAXAGE 1800 -extern size_t g_maxContentLength; +#define DEFAULT_SOAP_CONTENT_LENGTH 16000 +#define MAX_SOAP_CONTENT_LENGTH 32000 + +extern int g_maxContentLength; // 30-second timeout #define UPNP_TIMEOUT 30 diff --git a/libupnp/upnp/src/soap/soap_device.c b/libupnp/upnp/src/soap/soap_device.c index f521774..d5c49ef 100644 --- a/libupnp/upnp/src/soap/soap_device.c +++ b/libupnp/upnp/src/soap/soap_device.c @@ -65,6 +65,8 @@ static const char *Soap_Invalid_Action = "Invalid Action"; static const char *Soap_Action_Failed = "Action Failed"; static const char *Soap_Invalid_Var = "Invalid Var"; +const char *ContentTypeHeader = + "CONTENT-TYPE: text/xml; charset=\"utf-8\"\r\n"; /**************************************************************************** * Function : get_request_type diff --git a/libupnp/upnp/src/ssdp/ssdp_ctrlpt.c b/libupnp/upnp/src/ssdp/ssdp_ctrlpt.c index 24a50ec..ea53eb1 100644 --- a/libupnp/upnp/src/ssdp/ssdp_ctrlpt.c +++ b/libupnp/upnp/src/ssdp/ssdp_ctrlpt.c @@ -138,8 +138,9 @@ ssdp_handle_ctrlpt_msg( IN http_message_t * hmsg, // MAX-AGE param.Expires = -1; // assume error if( httpmsg_find_hdr( hmsg, HDR_CACHE_CONTROL, &hdr_value ) != NULL ) { - matchstr( hdr_value.buf, hdr_value.length, - "%imax-age = %d%0", ¶m.Expires ); + if( matchstr( hdr_value.buf, hdr_value.length, + "%imax-age = %d%0", ¶m.Expires ) != PARSE_OK ) + return; } // DATE