From 1dbcdaef98e7f61876c5186ce4bcbd2ef53c5a8f Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Mon, 5 Mar 2012 11:39:32 +0100 Subject: [PATCH] SF Bug Tracker id 3496938 - Missing structures initialisation in some functions Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:31:16 PST Memsetting to 0 some of the structures: finfo in process_request, job in readFromSSDPSocket, request in http_OpenHttpGetEx, job in genaNotifyThread, job in genaNotifyAllExt, job in genaNotifyAll, job in genaInitNotifyExt, job in genaInitNotify, LocalAddr in getlocalhostname. (cherry picked from commit 7301f462690b7c62ed62c94650d95bda1064ecec) --- ChangeLog | 12 ++++++++++++ upnp/src/api/upnpapi.c | 17 +++++++++++++++++ upnp/src/gena/gena_ctrlpt.c | 3 +++ upnp/src/gena/gena_device.c | 11 +++++++++++ upnp/src/genlib/miniserver/miniserver.c | 4 ++++ upnp/src/genlib/net/http/httpreadwrite.c | 3 +++ upnp/src/genlib/net/http/webserver.c | 1 + upnp/src/ssdp/ssdp_ctrlpt.c | 4 ++++ upnp/src/ssdp/ssdp_device.c | 4 +++- upnp/src/ssdp/ssdp_server.c | 2 ++ 10 files changed, 60 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 325a0a2..c3a2368 100644 --- a/ChangeLog +++ b/ChangeLog @@ -299,6 +299,18 @@ Version 1.8.0 Version 1.6.16 ******************************************************************************* +2012-03-05 Fabrice Fontaine + + SF Bug Tracker id 3496938 - Missing structures initialisation in some functions + + Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:31:16 PST + + Memsetting to 0 some of the structures: finfo in process_request, + job in readFromSSDPSocket, request in http_OpenHttpGetEx, job in + genaNotifyThread, job in genaNotifyAllExt, job in genaNotifyAll, + job in genaInitNotifyExt, job in genaInitNotify, LocalAddr in + getlocalhostname. + 2012-03-05 Fabrice Fontaine SF Bug Tracker id 3496934 - Memory leaks in getlocalhostname and UpnpGetIfInfo diff --git a/upnp/src/api/upnpapi.c b/upnp/src/api/upnpapi.c index 0bc8eb5..112a88a 100644 
--- a/upnp/src/api/upnpapi.c +++ b/upnp/src/api/upnpapi.c @@ -1645,6 +1645,8 @@ int UpnpSendAdvertisementLowPower(UpnpDevice_Handle Hnd, int Exp, upnp_timeout *adEvent; ThreadPoolJob job; + memset(&job, 0, sizeof(job)); + if( UpnpSdkInit != 1 ) { return UPNP_E_FINISH; } @@ -1865,6 +1867,8 @@ int UpnpSubscribeAsync( char *EvtUrl = ( char * )EvtUrl_const; ThreadPoolJob job; + memset(&job, 0, sizeof(job)); + if( UpnpSdkInit != 1 ) { return UPNP_E_FINISH; } @@ -2042,6 +2046,8 @@ int UpnpUnSubscribeAsync( struct Handle_Info *SInfo = NULL; struct UpnpNonblockParam *Param; + memset(&job, 0, sizeof(job)); + UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__, "Inside UpnpUnSubscribeAsync\n"); if (UpnpSdkInit != 1) { @@ -2154,6 +2160,8 @@ int UpnpRenewSubscriptionAsync( struct Handle_Info *SInfo = NULL; struct UpnpNonblockParam *Param; + memset(&job, 0, sizeof(job)); + if( UpnpSdkInit != 1 ) { return UPNP_E_FINISH; } @@ -2585,6 +2593,8 @@ int UpnpSendActionAsync( /* udn not used? */ /*char *DevUDN = (char *)DevUDN_const;*/ + memset(&job, 0, sizeof(job)); + if(UpnpSdkInit != 1) { return UPNP_E_FINISH; } @@ -2670,6 +2680,8 @@ int UpnpSendActionExAsync( ThreadPoolJob job; int retVal = 0; + memset(&job, 0, sizeof(job)); + if( UpnpSdkInit != 1 ) { return UPNP_E_FINISH; } @@ -2772,6 +2784,8 @@ int UpnpGetServiceVarStatusAsync( char *ActionURL = (char *)ActionURL_const; char *VarName = (char *)VarName_const; + memset(&job, 0, sizeof(job)); + if( UpnpSdkInit != 1 ) { return UPNP_E_FINISH; } @@ -3722,6 +3736,8 @@ int getlocalhostname(char *out, size_t out_len) struct hostent *h = NULL; struct sockaddr_in LocalAddr; + memset(&LocalAddr, 0, sizeof(LocalAddr)); + gethostname(out, out_len); h = gethostbyname(out); if (h != NULL) { 
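Review bot: The added `memset(&job, 0, sizeof(job));` in UpnpSendAdvertisementLowPower is repeated verbatim in every other ThreadPoolJob hunk of this patch (the remaining six in upnpapi.c and those in gena_ctrlpt.c, gena_device.c, miniserver.c, ssdp_ctrlpt.c, ssdp_device.c and ssdp_server.c), so the fix relies on every present and future call site remembering it. Initialising at the declaration, `ThreadPoolJob job = { 0 };`, ties the zeroing to the variable and gives pointer members a null value without assuming that all-bits-zero is a null pointer. If the job is later filled in by TPJobInit() (not shown in this patch) and that routine leaves some fields unset, clearing the struct there would cover all callers at once. Each of these function bodies continues outside its hunk.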
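Review bot: In the getlocalhostname hunk, `gethostname(out, out_len);` directly after the new memset still has its return value ignored, and `out` is passed to `gethostbyname(out)` on the next line whether or not the call succeeded. On failure `out` may hold whatever the caller left in it, and on platforms where a truncated name is not NUL-terminated the lookup would read past the buffer. A guard such as `if (gethostname(out, out_len) != 0) { /* return this function's existing error code */ }`, followed by `out[out_len - 1] = '\0';` when `out_len` is non-zero, closes both cases. Which platform branch this hunk belongs to is not visible, and the function body continues outside the hunk.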
@@ -3796,6 +3812,7 @@ int getlocalhostname(char *out, size_t out_len) memset(&ifConf, 0, sizeof(ifConf)); memset(&ifReq, 0, sizeof(ifReq)); memset(szBuffer, 0, sizeof(szBuffer)); + memset(&LocalAddr, 0, sizeof(LocalAddr)); /* Create an unbound datagram socket to do the SIOCGIFADDR ioctl on. */ LocalSock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); diff --git a/upnp/src/gena/gena_ctrlpt.c b/upnp/src/gena/gena_ctrlpt.c index af2d108..7ed227d 100644 --- a/upnp/src/gena/gena_ctrlpt.c +++ b/upnp/src/gena/gena_ctrlpt.c @@ -2,6 +2,7 @@ * * Copyright (c) 2000-2003 Intel Corporation * All rights reserved. + * Copyright (c) 2012 France Telecom All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -138,6 +139,8 @@ static int ScheduleGenaAutoRenew( int return_code = GENA_SUCCESS; ThreadPoolJob job; + memset(&job, 0, sizeof(job)); + if (TimeOut == UPNP_INFINITE) { return_code = GENA_SUCCESS; goto end_function; diff --git a/upnp/src/gena/gena_device.c b/upnp/src/gena/gena_device.c index 04bd21a..c068b21 100644 --- a/upnp/src/gena/gena_device.c +++ b/upnp/src/gena/gena_device.c @@ -2,6 +2,7 @@ * * Copyright (c) 2000-2003 Intel Corporation * All rights reserved. + * Copyright (c) 2012 France Telecom All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -315,6 +316,8 @@ static void genaNotifyThread( struct Handle_Info *handle_info; ThreadPoolJob job; + memset(&job, 0, sizeof(job)); + /* This should be a HandleLock and not a HandleReadLock otherwise if there * is a lot of notifications, then multiple threads will acquire a read * lock and the thread which sends the notification will be blocked forever 
@@ -463,6 +466,8 @@ int genaInitNotify( struct Handle_Info *handle_info; ThreadPoolJob job; + memset(&job, 0, sizeof(job)); + UpnpPrintf(UPNP_INFO, GENA, __FILE__, __LINE__, "GENA BEGIN INITIAL NOTIFY"); @@ -616,6 +621,8 @@ int genaInitNotifyExt( struct Handle_Info *handle_info; ThreadPoolJob job; + memset(&job, 0, sizeof(job)); + UpnpPrintf(UPNP_INFO, GENA, __FILE__, __LINE__, "GENA BEGIN INITIAL NOTIFY EXT"); @@ -769,6 +776,8 @@ int genaNotifyAllExt( struct Handle_Info *handle_info; ThreadPoolJob job; + memset(&job, 0, sizeof(job)); + UpnpPrintf(UPNP_INFO, GENA, __FILE__, __LINE__, "GENA BEGIN NOTIFY ALL EXT"); @@ -908,6 +917,8 @@ int genaNotifyAll( struct Handle_Info *handle_info; ThreadPoolJob job; + memset(&job, 0, sizeof(job)); + UpnpPrintf(UPNP_INFO, GENA, __FILE__, __LINE__, "GENA BEGIN NOTIFY ALL"); diff --git a/upnp/src/genlib/miniserver/miniserver.c b/upnp/src/genlib/miniserver/miniserver.c index 32f8e9b..76f327a 100644 --- a/upnp/src/genlib/miniserver/miniserver.c +++ b/upnp/src/genlib/miniserver/miniserver.c @@ -260,6 +260,8 @@ static UPNP_INLINE void schedule_request_job( struct mserv_request_t *request; ThreadPoolJob job; + memset(&job, 0, sizeof(job)); + request = (struct mserv_request_t *)malloc( sizeof (struct mserv_request_t)); if (request == NULL) { @@ -846,6 +848,8 @@ int StartMiniServer( MiniServerSockArray *miniSocket; ThreadPoolJob job; + memset(&job, 0, sizeof(job)); + if (gMServState != MSERV_IDLE) { /* miniserver running. */ return UPNP_E_INTERNAL_ERROR; diff --git a/upnp/src/genlib/net/http/httpreadwrite.c b/upnp/src/genlib/net/http/httpreadwrite.c index 2a857b6..49c435d 100644 --- a/upnp/src/genlib/net/http/httpreadwrite.c +++ b/upnp/src/genlib/net/http/httpreadwrite.c 
@@ -2,6 +2,7 @@ * * Copyright (c) 2000-2003 Intel Corporation * All rights reserved. + * Copyright (c) 2012 France Telecom All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -1786,6 +1787,8 @@ int http_OpenHttpGetEx( /* char rangeBuf[SIZE_RANGE_BUFFER]; */ struct SendInstruction rangeBuf; + membuffer_init(&request); + do { /* Checking Input parameters */ if (!url_str || !Handle || !contentType || !httpStatus ) { diff --git a/upnp/src/genlib/net/http/webserver.c b/upnp/src/genlib/net/http/webserver.c index 59a37e5..5aee369 100644 --- a/upnp/src/genlib/net/http/webserver.c +++ b/upnp/src/genlib/net/http/webserver.c @@ -1013,6 +1013,7 @@ static int process_request( req->method == HTTPMETHOD_POST || req->method == HTTPMETHOD_SIMPLEGET); /* init */ + memset(&finfo, 0, sizeof(finfo)); request_doc = NULL; finfo = UpnpFileInfo_new(); alias_grabbed = FALSE; diff --git a/upnp/src/ssdp/ssdp_ctrlpt.c b/upnp/src/ssdp/ssdp_ctrlpt.c index 5faddb8..a439c59 100644 --- a/upnp/src/ssdp/ssdp_ctrlpt.c +++ b/upnp/src/ssdp/ssdp_ctrlpt.c @@ -99,6 +99,8 @@ void ssdp_handle_ctrlpt_msg(http_message_t *hmsg, struct sockaddr_storage *dest_ SSDPResultData *threadData = NULL; ThreadPoolJob job; + memset(&job, 0, sizeof(job)); + /* we are assuming that there can be only one client supported at a time */ HandleReadLock(); @@ -457,6 +459,8 @@ int SearchByTarget(int Mx, char *St, void *Cookie) /*ThreadData *ThData; */ ThreadPoolJob job; + memset(&job, 0, sizeof(job)); + requestType = ssdp_request_type1(St); if (requestType == SSDP_SERROR) return UPNP_E_INVALID_PARAM; diff --git a/upnp/src/ssdp/ssdp_device.c b/upnp/src/ssdp/ssdp_device.c index e8d23ee..a4f7d1a 100644 --- a/upnp/src/ssdp/ssdp_device.c +++ b/upnp/src/ssdp/ssdp_device.c 
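Review bot: `membuffer_init(&request);` in http_OpenHttpGetEx is placed ahead of the `do {` block with no comment saying why it must come before the parameter check, and the commit text describes the change as a memset. A one-line comment such as `/* init before any early exit from the loop: the code after it may release request */` would record the intent. The release path is outside this hunk, so the wording should be confirmed against it. If the loop body further down still initialises `request` a second time, that call is now redundant.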
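Review bot: `memset(&finfo, 0, sizeof(finfo));` in process_request looks like a dead store. Two lines later `finfo = UpnpFileInfo_new();` assigns to the same variable, which suggests `finfo` is a pointer in this branch, so the memset clears only the pointer and is overwritten before any use. The line can be dropped, or written as `finfo = NULL;` if some exit path can run before the allocation (not visible here). The hunk shows no check of the `UpnpFileInfo_new()` result; if that constructor can return NULL, `if (finfo == NULL)` with the function's error return is the check that protects the later uses. The body of process_request starts and ends outside the hunk.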
@@ -2,7 +2,7 @@ * * Copyright (c) 2000-2003 Intel Corporation * All rights reserved. - * Copyright (C) 2011 France Telecom All rights reserved. + * Copyright (C) 2011-2012 France Telecom All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -90,6 +90,8 @@ void ssdp_handle_device_request(http_message_t *hmsg, struct sockaddr_storage *d int replyTime; int maxAge; + memset(&job, 0, sizeof(job)); + /* check man hdr. */ if (httpmsg_find_hdr(hmsg, HDR_MAN, &hdr_value) == NULL || memptr_cmp(&hdr_value, "\"ssdp:discover\"") != 0) diff --git a/upnp/src/ssdp/ssdp_server.c b/upnp/src/ssdp/ssdp_server.c index 336b293..47b78bd 100644 --- a/upnp/src/ssdp/ssdp_server.c +++ b/upnp/src/ssdp/ssdp_server.c @@ -688,6 +688,8 @@ void readFromSSDPSocket(SOCKET socket) ssize_t byteReceived = 0; char ntop_buf[64]; + memset(&job, 0, sizeof(job)); + requestBuf = staticBuf; /* in case memory can't be allocated, still drain the socket using a * static buffer. */