[pupnp-devel] Type mixup on x86_64 causes UPNP_E_OUTOF_MEMORY

Submitted By: Glen Masgai
After an UpnpSendActionAsync() call, for example, I get UPNP_E_OUTOF_MEMORY
in the callback using 1.4.4 on an x86_64 system. This happens in
http_MakeMessage(), which in some cases gets called with the wrong types
(int instead of size_t) in combination with the formats "b" and "Q".
The attached patch should fix this.


git-svn-id: https://pupnp.svn.sourceforge.net/svnroot/pupnp/trunk@166 119443c7-1b9e-41f8-b6fc-b9c35fce742c
Marcelo Roberto Jimenez 2007-04-28 18:42:14 +00:00
parent c1e5e4d6a4
commit 28799f26c9
4 changed files with 56 additions and 41 deletions


@ -11,12 +11,21 @@ Version 1.4.5
* Fix for a bug in makeAction where va_arg was beeing called one
extra time.
2007-04-19 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
2007-04-28 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* SF Tracker [ 1703533 ] Patch to make it compile under FreeBSD
Submitted By: Timothy Redaelli - drittz
I made some patches to make it compile under FreeBSD using
gethostbyaddr_r when supported.
2007-04-28 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* [pupnp-devel] Type mixup on x86_64 causes UPNP_E_OUTOF_MEMORY
Submitted By: Glen Masgai
after an UpnpSendActionAsync() for example, i get UPNP_E_OUTOF_MEMORY
in the callback using 1.4.4 on a x86_64 system. This happens in
http_MakeMessage(), which in some cases get called with wrong types
(int instead of size_t) in combination with format "b" and "Q".
The attached patch should fix this.
*************************************************************************
Version 1.4.4
*************************************************************************

2
THANKS

@ -15,6 +15,7 @@ exempt of errors.
- Eric Tanguy
- Erwan Velu
- Fredrik Svensson
- Glen Masgai
- Jiri Zouhar
- John Dennis
- Jonathan (no_dice)
@ -28,4 +29,5 @@ exempt of errors.
- Michael (Oxy)
- Paul Vixie
- Siva Chandran
- Timothy Redaelli


@ -606,8 +606,8 @@ http_Download( IN const char *url_str,
*hoststr,
*temp;
http_parser_t response;
size_t msg_length,
hostlen;
size_t msg_length;
size_t hostlen;
memptr ctype;
size_t copy_len;
membuffer request;
@ -648,9 +648,10 @@ http_Download( IN const char *url_str,
ret_code = http_MakeMessage(
&request, 1, 1,
"QsbcDCUc",
"Q" "s" "bcDCUc",
HTTPMETHOD_GET, url.pathquery.buff, url.pathquery.size,
"HOST: ", hoststr, hostlen );
"HOST: ",
hoststr, hostlen );
if( ret_code != 0 ) {
DBGONLY( UpnpPrintf
( UPNP_INFO, HTTP, __FILE__, __LINE__,
@ -766,7 +767,7 @@ MakePostMessage( const char *url_str,
{
int ret_code = 0;
char *urlPath = alloca( strlen( url_str ) + 1 );
int hostlen = 0;
size_t hostlen = 0;
char *hoststr,
*temp;
@ -799,7 +800,7 @@ MakePostMessage( const char *url_str,
hostlen = strlen( hoststr );
*temp = '/';
DBGONLY( UpnpPrintf( UPNP_INFO, HTTP, __FILE__, __LINE__,
"HOSTNAME : %s Length : %d\n", hoststr, hostlen );
"HOSTNAME : %s Length : %zd\n", hoststr, hostlen );
)
if( contentLength >= 0 ) {
@ -1101,9 +1102,9 @@ MakeGetMessage( const char *url_str,
{
int ret_code;
char *urlPath = alloca( strlen( url_str ) + 1 );
int querylen = 0;
size_t querylen = 0;
const char *querystr;
int hostlen = 0;
size_t hostlen = 0;
char *hoststr,
*temp;
@ -1136,7 +1137,7 @@ MakeGetMessage( const char *url_str,
hostlen = strlen( hoststr );
*temp = '/';
DBGONLY( UpnpPrintf( UPNP_INFO, HTTP, __FILE__, __LINE__,
"HOSTNAME : %s Length : %d\n", hoststr, hostlen );
"HOSTNAME : %s Length : %zd\n", hoststr, hostlen );
)
if( proxy_str ) {
@ -1149,9 +1150,10 @@ MakeGetMessage( const char *url_str,
ret_code = http_MakeMessage(
request, 1, 1,
"QsbcDCUc",
"Q" "s" "bcDCUc",
HTTPMETHOD_GET, querystr, querylen,
"HOST: ", hoststr, hostlen );
"HOST: ",
hoststr, hostlen );
if( ret_code != 0 ) {
DBGONLY( UpnpPrintf( UPNP_INFO, HTTP, __FILE__, __LINE__,
@ -1780,8 +1782,8 @@ http_SendStatusResponse( IN SOCKINFO * info,
* fmt types:
* 'B': arg = int status_code
* appends content-length, content-type and HTML body for given code
* 'b': arg1 = const char* buf; arg2 = size_t buf_length
* memory ptr
* 'b': arg1 = const char* buf;
* arg2 = size_t buf_length memory ptr
* 'C': (no args) appends a HTTP CONNECTION: close header
* depending on major,minor version
* 'c': (no args) appends CRLF "\r\n"
@ -1790,16 +1792,18 @@ http_SendStatusResponse( IN SOCKINFO * info,
* 'G': arg = range information // add range header
* 'h': arg = off_t number // appends off_t number
* 'K': (no args) // add chunky header
* 'N': arg1 = int content_length // content-length header
* 'q': arg1 = http_method_t, arg2 = (uri_type *) // request start line and HOST header
* 'Q': arg1 = http_method_t; arg2 = char* url;
* arg3 = int url_length // start line of request
* 'R': arg = int status_code // adds a response start line
* 'N': arg1 = off_t content_length // content-length header
* 'q': arg1 = http_method_t // request start line and HOST header
* arg2 = (uri_type *)
* 'Q': arg1 = http_method_t; // start line of request
* arg2 = char* url;
* arg3 = size_t url_length
* 'R': arg = int status_code // adds a response start line
* 'S': (no args) appends HTTP SERVER: header
* 's': arg = const char* C_string
* 'T': arg = char * content_type; format e.g: "text/html";
* content-type header
* 't': arg = time_t * gmt_time // appends time in RFC 1123 fmt
* 'T': arg = char * content_type; format
* e.g: "text/html"; content-type header
* 't': arg = time_t * gmt_time // appends time in RFC 1123 fmt
* 'U': (no args) appends HTTP USER-AGENT: header
* 'X': arg = const char useragent; "redsonic" HTTP X-User-Agent: useragent
*
@ -2165,7 +2169,7 @@ MakeGetMessageEx( const char *url_str,
{
int errCode = UPNP_E_SUCCESS;
char *urlPath = NULL;
int hostlen = 0;
size_t hostlen = 0;
char *hoststr,
*temp;
@ -2210,16 +2214,16 @@ MakeGetMessageEx( const char *url_str,
*temp = '/';
DBGONLY( UpnpPrintf( UPNP_INFO, HTTP, __FILE__, __LINE__,
"HOSTNAME : %s Length : %d\n", hoststr,
hostlen );
"HOSTNAME : %s Length : %zd\n",
hoststr, hostlen );
)
errCode = http_MakeMessage(
request, 1, 1,
"QsbcGDCUc",
HTTPMETHOD_GET,
url->pathquery.buff, url->pathquery.size,
"HOST: ", hoststr, hostlen,
"Q" "s" "bc" "GDCUc",
HTTPMETHOD_GET, url->pathquery.buff, url->pathquery.size,
"HOST: ",
hoststr, hostlen,
pRangeSpecifier );
if( errCode != 0 ) {
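Review bot: The corrected http_MakeMessage() calls in http_Download, MakeGetMessage and MakeGetMessageEx still rely on every variadic argument having exactly the documented width, and nothing in these hunks enforces it: `url.pathquery.size` and `url->pathquery.size` are passed as the third 'Q' argument, and their declared type is not visible here. If that field is not a `size_t`, the mis-sized va_arg read this commit fixes for `hostlen` would remain there, so I would confirm the field type or cast at the call site, e.g. `HTTPMETHOD_GET, url->pathquery.buff, (size_t)url->pathquery.size,`. The format table now documents 'N' as `off_t content_length` instead of `int`, so callers of 'N' outside these hunks (whose function bodies also continue beyond what is shown) presumably need the same audit. Separately, the three debug lines print a `size_t` with `%zd`; the matching conversion for an unsigned `size_t` is `%zu`, i.e. `"HOSTNAME : %s Length : %zu\n"`.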


@ -611,9 +611,9 @@ SoapSendAction( IN char *action_url,
char *xml_end =
"</s:Body>\r\n"
"</s:Envelope>\r\n\r\n";
int xml_start_len;
int xml_end_len;
int action_str_len;
size_t xml_start_len;
size_t xml_end_len;
size_t action_str_len;
*response_node = NULL; // init
@ -693,7 +693,7 @@ SoapSendAction( IN char *action_url,
err_code = ret_code;
}
error_handler:
error_handler:
ixmlFreeDOMString( action_str );
membuffer_destroy( &request );
membuffer_destroy( &responsename );
@ -757,13 +757,13 @@ SoapSendActionEx( IN char *action_url,
char *xml_end =
"</s:Body>\r\n"
"</s:Envelope>\r\n";
int xml_start_len;
int xml_header_start_len;
int xml_header_str_len;
int xml_header_end_len;
int xml_body_start_len;
int action_str_len;
int xml_end_len;
size_t xml_start_len;
size_t xml_header_start_len;
size_t xml_header_str_len;
size_t xml_header_end_len;
size_t xml_body_start_len;
size_t action_str_len;
size_t xml_end_len;
off_t content_length;
*response_node = NULL; // init
@ -821,7 +821,7 @@ SoapSendActionEx( IN char *action_url,
xml_body_start_len + action_str_len + xml_end_len;
if (http_MakeMessage(
&request, 1, 1,
"q" "N" "s" "sssbsc" "Uc" "bbbbbbb",
"q" "N" "s" "sssbsc" "Uc" "b" "b" "b" "b" "b" "b" "b",
SOAPMETHOD_POST, &url,
content_length,
ContentTypeHeader,