2010-09-10 Jean Sigwald <jean.sigwald(at)orange-ftgroup.com>

I discovered a reliable denial-of-service issue on the last stable
release of libupnp (1.6.6) remotely triggerable by any
unauthenticated user. The issue is related with a bad parsing of
malformed XML.
Marcelo Roberto Jimenez 2010-09-10 19:26:10 -03:00
parent 5755ac022f
commit 25a4bd6d25
2 changed files with 10 additions and 1 deletions


@ -2,6 +2,12 @@
Version 1.6.7
*******************************************************************************
2010-09-10 Jean Sigwald <jean.sigwald(at)orange-ftgroup.com>
I discovered a reliable denial-of-service issue on the last stable
release of libupnp (1.6.6) remotely triggerable by any
unauthenticated user. The issue is related with a bad parsing of
malformed XML.
2010-09-10 Chandra Penke <chandrapenke(at)mcntech.com>
* SF Patch Tracker [ 2854711 ] Patch for Solaris10 compilation and usage
Submitted By: zephyrus ( zephyrus00jp )
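Review bot: The new entry under Version 1.6.7 reproduces the report but never says what was changed. It should name the function touched, `Parser_isValidEndElement`, and state the fix (a NULL check on `xmlParser->pCurElement` that returns 0), so a reader of the release notes can tell whether a given build carries the fix for the malformed-XML denial of service. The neighbouring entry starts with a `*` summary line; following that layout would keep the file consistent.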


@ -583,11 +583,14 @@ static int Parser_isValidEndElement(
IXML_Node *newNode)
{
assert(xmlParser);
assert(xmlParser->pCurElement);
assert(xmlParser->pCurElement->element);
assert(newNode);
assert(newNode->nodeName);
if (xmlParser->pCurElement == NULL) {
return 0;
}
return strcmp(xmlParser->pCurElement->element, newNode->nodeName) == 0;
}
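Review bot: The `if (xmlParser->pCurElement == NULL)` check sits below `assert(xmlParser->pCurElement)` and `assert(xmlParser->pCurElement->element)` in the lines shown, so it has to be the first thing that touches `pCurElement`. If either assert stays ahead of it, a build without `NDEBUG` still aborts or dereferences NULL on the same malformed input and the remote denial of service remains. Suggest placing the check directly after `assert(xmlParser)` and dropping the `pCurElement` assert. Separately, `pCurElement->element` and `newNode->nodeName` are guarded only by asserts, which compile out under `NDEBUG`, and both are passed straight to `strcmp`. Since the input here is attacker-supplied XML, returning 0 when either is NULL would be safer than relying on the asserts.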