From 25641ac51af6b1fe3750634b7af7a4f208f5a538 Mon Sep 17 00:00:00 2001
From: Juergen Lock <nox@jelal.kn-bremen.de>
Date: Mon, 22 Nov 2010 23:27:20 -0200
Subject: [PATCH] Two fixes from Juergen Lock <nox(at)jelal.kn-bremen.de>:

1. varargs:  pass size of CRLF as size_t not as int:

--- upnp/src/gena/gena_device.c.orig
+++ upnp/src/gena/gena_device.c
@@ -225,7 +225,7 @@ static UPNP_INLINE int notify_send_and_r
		"bbb",
		start_msg.buf, start_msg.length,
		propertySet, strlen(propertySet),
-		"\r\n", 2);
+		"\r\n", sizeof "\r\n" - 1);
	if (ret_code) {
		membuffer_destroy(&start_msg);
		sock_destroy(&info, SD_BOTH);

2. Remove "b" arg here, there is no buffer passed:  (this caused a pointer
to be interpreted as a buffer size to be alloc'd/copied, hence the 32 GB.)

--- upnp/src/genlib/net/http/webserver.c.orig
+++ upnp/src/genlib/net/http/webserver.c
@@ -1262,7 +1262,7 @@ static int process_request(
			// Content-Range: bytes 222-3333/4000  HTTP_PARTIAL_CONTENT
			// Transfer-Encoding: chunked
			if (http_MakeMessage(headers, resp_major, resp_minor,
-				"R" "TLD" "s" "tcS" "b" "Xc" "sCc",
+				"R" "TLD" "s" "tcS" "Xc" "sCc",
				HTTP_OK,    // status code
				finfo.content_type, // content type
				RespInstr,  // language info
(cherry picked from commit ed0ebe15883a46dd4ad885cce77db467db68306f)
---
 ChangeLog                            | 33 ++++++++++++++++++++++++++++
 THANKS                               |  1 +
 upnp/src/gena/gena_device.c          |  3 ++-
 upnp/src/genlib/net/http/webserver.c |  2 +-
 upnp/src/inc/httpreadwrite.h         |  2 +-
 5 files changed, 38 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 0fd0596..697ce9d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -237,6 +237,39 @@ Version 1.8.0
 Version 1.6.10
 *******************************************************************************
 
+2010-11-22 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>
+
+	Two fixes from Juergen Lock <nox(at)jelal.kn-bremen.de>:
+
+1. varargs:  pass size of CRLF as size_t not as int:
+
+--- upnp/src/gena/gena_device.c.orig
++++ upnp/src/gena/gena_device.c
+@@ -225,7 +225,7 @@ static UPNP_INLINE int notify_send_and_r
+		"bbb",
+		start_msg.buf, start_msg.length,
+		propertySet, strlen(propertySet),
+-		"\r\n", 2);
++		"\r\n", sizeof "\r\n" - 1);
+	if (ret_code) {
+		membuffer_destroy(&start_msg);
+		sock_destroy(&info, SD_BOTH);
+
+2. Remove "b" arg here, there is no buffer passed:  (this caused a pointer
+to be interpreted as a buffer size to be alloc'd/copied, hence the 32 GB.)
+
+--- upnp/src/genlib/net/http/webserver.c.orig
++++ upnp/src/genlib/net/http/webserver.c
+@@ -1262,7 +1262,7 @@ static int process_request(
+			// Content-Range: bytes 222-3333/4000  HTTP_PARTIAL_CONTENT
+			// Transfer-Encoding: chunked
+			if (http_MakeMessage(headers, resp_major, resp_minor,
+-				"R" "TLD" "s" "tcS" "b" "Xc" "sCc",
++				"R" "TLD" "s" "tcS" "Xc" "sCc",
+				HTTP_OK,    // status code
+				finfo.content_type, // content type
+				RespInstr,  // language info
+
 2010-11-15 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>
 
 	Added the convenience function UpnpResolveURL2() to upnptools.c.
diff --git a/THANKS b/THANKS
index 88f3f77..62c196f 100644
--- a/THANKS
+++ b/THANKS
@@ -36,6 +36,7 @@ exempt of errors.
 - John Dennis
 - Jonathan Casiot (no_dice)
 - Josh Carroll
+- Juergen Lock
 - Keith Brindley
 - Leuk_He
 - Loigu
diff --git a/upnp/src/gena/gena_device.c b/upnp/src/gena/gena_device.c
index 1b2a456..04bd21a 100644
--- a/upnp/src/gena/gena_device.c
+++ b/upnp/src/gena/gena_device.c
@@ -176,6 +176,7 @@ static UPNP_INLINE int notify_send_and_recv(
 	int err_code;
 	int timeout;
 	SOCKINFO info;
+	const char *CRLF = "\r\n";
 
 	/* connect */
 	UpnpPrintf(UPNP_ALL, GENA, __FILE__, __LINE__,
@@ -209,7 +210,7 @@ static UPNP_INLINE int notify_send_and_recv(
 		"bbb",
 		start_msg.buf, start_msg.length,
 		propertySet, strlen(propertySet),
-		"\r\n", 2);
+		CRLF, sizeof CRLF);
 	if (ret_code) {
 		membuffer_destroy(&start_msg);
 		sock_destroy(&info, SD_BOTH);
diff --git a/upnp/src/genlib/net/http/webserver.c b/upnp/src/genlib/net/http/webserver.c
index 819154c..1df6ea0 100644
--- a/upnp/src/genlib/net/http/webserver.c
+++ b/upnp/src/genlib/net/http/webserver.c
@@ -1262,7 +1262,7 @@ static int process_request(
 			/* Content-Range: bytes 222-3333/4000  HTTP_PARTIAL_CONTENT */
 			/* Transfer-Encoding: chunked */
 			if (http_MakeMessage(headers, resp_major, resp_minor,
-			    "R" "TLD" "s" "tcS" "b" "Xc" "sCc",
+			    "R" "TLD" "s" "tcS" "Xc" "sCc",
 			    HTTP_OK,	/* status code */
 			    UpnpFileInfo_get_ContentType(finfo), /* content type */
 			    RespInstr,	/* language info */
diff --git a/upnp/src/inc/httpreadwrite.h b/upnp/src/inc/httpreadwrite.h
index a05c7ca..6ed4409 100644
--- a/upnp/src/inc/httpreadwrite.h
+++ b/upnp/src/inc/httpreadwrite.h
@@ -479,7 +479,7 @@ Format types:
 	'T':	arg = char * content_type;	-- format e.g: "text/html"; content-type header
 	't':	arg = time_t * gmt_time		-- appends time in RFC 1123 fmt
 	'U':	(no args)			-- appends HTTP USER-AGENT: header
-	'X':	arg = const char		-- useragent; "redsonic" HTTP X-User-Agent: useragent
+	'X':	arg = const char *		-- useragent; "redsonic" HTTP X-User-Agent: useragent
 \endverbatim
  *
  * \return