[pupnp-devel] Type mixup on x86_64 causes UPNP_E_OUTOF_MEMORY

Submitted By: Glen Masgai
After an UpnpSendActionAsync(), for example, I get UPNP_E_OUTOF_MEMORY
in the callback using 1.4.4 on an x86_64 system. This happens in
http_MakeMessage(), which in some cases gets called with wrong types
(int instead of size_t) in combination with formats "b" and "Q".
The attached patch should fix this.


git-svn-id: https://pupnp.svn.sourceforge.net/svnroot/pupnp/trunk@166 119443c7-1b9e-41f8-b6fc-b9c35fce742c
Marcelo Roberto Jimenez 2007-04-28 18:42:14 +00:00
parent c1e5e4d6a4
commit 28799f26c9
4 changed files with 56 additions and 41 deletions


@ -11,12 +11,21 @@ Version 1.4.5
* Fix for a bug in makeAction where va_arg was beeing called one * Fix for a bug in makeAction where va_arg was beeing called one
extra time. extra time.
2007-04-19 Marcelo Jimenez <mroberto(at)users.sourceforge.net> 2007-04-28 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* SF Tracker [ 1703533 ] Patch to make it compile under FreeBSD * SF Tracker [ 1703533 ] Patch to make it compile under FreeBSD
Submitted By: Timothy Redaelli - drittz Submitted By: Timothy Redaelli - drittz
I made some patches to make it compile under FreeBSD using I made some patches to make it compile under FreeBSD using
gethostbyaddr_r when supported. gethostbyaddr_r when supported.
2007-04-28 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* [pupnp-devel] Type mixup on x86_64 causes UPNP_E_OUTOF_MEMORY
Submitted By: Glen Masgai
after an UpnpSendActionAsync() for example, i get UPNP_E_OUTOF_MEMORY
in the callback using 1.4.4 on a x86_64 system. This happens in
http_MakeMessage(), which in some cases get called with wrong types
(int instead of size_t) in combination with format "b" and "Q".
The attached patch should fix this.
************************************************************************* *************************************************************************
Version 1.4.4 Version 1.4.4
************************************************************************* *************************************************************************

2
THANKS

@ -15,6 +15,7 @@ exempt of errors.
- Eric Tanguy - Eric Tanguy
- Erwan Velu - Erwan Velu
- Fredrik Svensson - Fredrik Svensson
- Glen Masgai
- Jiri Zouhar - Jiri Zouhar
- John Dennis - John Dennis
- Jonathan (no_dice) - Jonathan (no_dice)
@ -28,4 +29,5 @@ exempt of errors.
- Michael (Oxy) - Michael (Oxy)
- Paul Vixie - Paul Vixie
- Siva Chandran - Siva Chandran
- Timothy Redaelli


@ -606,8 +606,8 @@ http_Download( IN const char *url_str,
*hoststr, *hoststr,
*temp; *temp;
http_parser_t response; http_parser_t response;
size_t msg_length, size_t msg_length;
hostlen; size_t hostlen;
memptr ctype; memptr ctype;
size_t copy_len; size_t copy_len;
membuffer request; membuffer request;
@ -648,9 +648,10 @@ http_Download( IN const char *url_str,
ret_code = http_MakeMessage( ret_code = http_MakeMessage(
&request, 1, 1, &request, 1, 1,
"QsbcDCUc", "Q" "s" "bcDCUc",
HTTPMETHOD_GET, url.pathquery.buff, url.pathquery.size, HTTPMETHOD_GET, url.pathquery.buff, url.pathquery.size,
"HOST: ", hoststr, hostlen ); "HOST: ",
hoststr, hostlen );
if( ret_code != 0 ) { if( ret_code != 0 ) {
DBGONLY( UpnpPrintf DBGONLY( UpnpPrintf
( UPNP_INFO, HTTP, __FILE__, __LINE__, ( UPNP_INFO, HTTP, __FILE__, __LINE__,
@ -766,7 +767,7 @@ MakePostMessage( const char *url_str,
{ {
int ret_code = 0; int ret_code = 0;
char *urlPath = alloca( strlen( url_str ) + 1 ); char *urlPath = alloca( strlen( url_str ) + 1 );
int hostlen = 0; size_t hostlen = 0;
char *hoststr, char *hoststr,
*temp; *temp;
@ -799,7 +800,7 @@ MakePostMessage( const char *url_str,
hostlen = strlen( hoststr ); hostlen = strlen( hoststr );
*temp = '/'; *temp = '/';
DBGONLY( UpnpPrintf( UPNP_INFO, HTTP, __FILE__, __LINE__, DBGONLY( UpnpPrintf( UPNP_INFO, HTTP, __FILE__, __LINE__,
"HOSTNAME : %s Length : %d\n", hoststr, hostlen ); "HOSTNAME : %s Length : %zd\n", hoststr, hostlen );
) )
if( contentLength >= 0 ) { if( contentLength >= 0 ) {
@ -1101,9 +1102,9 @@ MakeGetMessage( const char *url_str,
{ {
int ret_code; int ret_code;
char *urlPath = alloca( strlen( url_str ) + 1 ); char *urlPath = alloca( strlen( url_str ) + 1 );
int querylen = 0; size_t querylen = 0;
const char *querystr; const char *querystr;
int hostlen = 0; size_t hostlen = 0;
char *hoststr, char *hoststr,
*temp; *temp;
@ -1136,7 +1137,7 @@ MakeGetMessage( const char *url_str,
hostlen = strlen( hoststr ); hostlen = strlen( hoststr );
*temp = '/'; *temp = '/';
DBGONLY( UpnpPrintf( UPNP_INFO, HTTP, __FILE__, __LINE__, DBGONLY( UpnpPrintf( UPNP_INFO, HTTP, __FILE__, __LINE__,
"HOSTNAME : %s Length : %d\n", hoststr, hostlen ); "HOSTNAME : %s Length : %zd\n", hoststr, hostlen );
) )
if( proxy_str ) { if( proxy_str ) {
@ -1149,9 +1150,10 @@ MakeGetMessage( const char *url_str,
ret_code = http_MakeMessage( ret_code = http_MakeMessage(
request, 1, 1, request, 1, 1,
"QsbcDCUc", "Q" "s" "bcDCUc",
HTTPMETHOD_GET, querystr, querylen, HTTPMETHOD_GET, querystr, querylen,
"HOST: ", hoststr, hostlen ); "HOST: ",
hoststr, hostlen );
if( ret_code != 0 ) { if( ret_code != 0 ) {
DBGONLY( UpnpPrintf( UPNP_INFO, HTTP, __FILE__, __LINE__, DBGONLY( UpnpPrintf( UPNP_INFO, HTTP, __FILE__, __LINE__,
@ -1780,8 +1782,8 @@ http_SendStatusResponse( IN SOCKINFO * info,
* fmt types: * fmt types:
* 'B': arg = int status_code * 'B': arg = int status_code
* appends content-length, content-type and HTML body for given code * appends content-length, content-type and HTML body for given code
* 'b': arg1 = const char* buf; arg2 = size_t buf_length * 'b': arg1 = const char* buf;
* memory ptr * arg2 = size_t buf_length memory ptr
* 'C': (no args) appends a HTTP CONNECTION: close header * 'C': (no args) appends a HTTP CONNECTION: close header
* depending on major,minor version * depending on major,minor version
* 'c': (no args) appends CRLF "\r\n" * 'c': (no args) appends CRLF "\r\n"
@ -1790,16 +1792,18 @@ http_SendStatusResponse( IN SOCKINFO * info,
* 'G': arg = range information // add range header * 'G': arg = range information // add range header
* 'h': arg = off_t number // appends off_t number * 'h': arg = off_t number // appends off_t number
* 'K': (no args) // add chunky header * 'K': (no args) // add chunky header
* 'N': arg1 = int content_length // content-length header * 'N': arg1 = off_t content_length // content-length header
* 'q': arg1 = http_method_t, arg2 = (uri_type *) // request start line and HOST header * 'q': arg1 = http_method_t // request start line and HOST header
* 'Q': arg1 = http_method_t; arg2 = char* url; * arg2 = (uri_type *)
* arg3 = int url_length // start line of request * 'Q': arg1 = http_method_t; // start line of request
* 'R': arg = int status_code // adds a response start line * arg2 = char* url;
* arg3 = size_t url_length
* 'R': arg = int status_code // adds a response start line
* 'S': (no args) appends HTTP SERVER: header * 'S': (no args) appends HTTP SERVER: header
* 's': arg = const char* C_string * 's': arg = const char* C_string
* 'T': arg = char * content_type; format e.g: "text/html"; * 'T': arg = char * content_type; format
* content-type header * e.g: "text/html"; content-type header
* 't': arg = time_t * gmt_time // appends time in RFC 1123 fmt * 't': arg = time_t * gmt_time // appends time in RFC 1123 fmt
* 'U': (no args) appends HTTP USER-AGENT: header * 'U': (no args) appends HTTP USER-AGENT: header
* 'X': arg = const char useragent; "redsonic" HTTP X-User-Agent: useragent * 'X': arg = const char useragent; "redsonic" HTTP X-User-Agent: useragent
* *
@ -2165,7 +2169,7 @@ MakeGetMessageEx( const char *url_str,
{ {
int errCode = UPNP_E_SUCCESS; int errCode = UPNP_E_SUCCESS;
char *urlPath = NULL; char *urlPath = NULL;
int hostlen = 0; size_t hostlen = 0;
char *hoststr, char *hoststr,
*temp; *temp;
@ -2210,16 +2214,16 @@ MakeGetMessageEx( const char *url_str,
*temp = '/'; *temp = '/';
DBGONLY( UpnpPrintf( UPNP_INFO, HTTP, __FILE__, __LINE__, DBGONLY( UpnpPrintf( UPNP_INFO, HTTP, __FILE__, __LINE__,
"HOSTNAME : %s Length : %d\n", hoststr, "HOSTNAME : %s Length : %zd\n",
hostlen ); hoststr, hostlen );
) )
errCode = http_MakeMessage( errCode = http_MakeMessage(
request, 1, 1, request, 1, 1,
"QsbcGDCUc", "Q" "s" "bc" "GDCUc",
HTTPMETHOD_GET, HTTPMETHOD_GET, url->pathquery.buff, url->pathquery.size,
url->pathquery.buff, url->pathquery.size, "HOST: ",
"HOST: ", hoststr, hostlen, hoststr, hostlen,
pRangeSpecifier ); pRangeSpecifier );
if( errCode != 0 ) { if( errCode != 0 ) {
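Review bot: The `Q` length passed as `url.pathquery.size` in http_Download and as `url->pathquery.size` in MakeGetMessageEx is not covered by the local-variable type changes, and the declaration of that field is not part of this diff. If the field is still an `int`, http_MakeMessage will read it as `size_t` through va_arg on x86_64 and pick up an undefined upper half, the same mismatch this commit fixes for `hostlen` and `querylen`; that can surface as a bogus allocation size or as a copy that runs past the end of the source buffer. Variadic arguments are never converted to the callee's expected type, so an explicit cast at the call site, `(size_t)url.pathquery.size`, keeps the contract whatever the field's type turns out to be. Separately, the three debug format strings in MakePostMessage, MakeGetMessage and MakeGetMessageEx now print a `size_t` with `%zd`; the matching specifier is `%zu`.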


@ -611,9 +611,9 @@ SoapSendAction( IN char *action_url,
char *xml_end = char *xml_end =
"</s:Body>\r\n" "</s:Body>\r\n"
"</s:Envelope>\r\n\r\n"; "</s:Envelope>\r\n\r\n";
int xml_start_len; size_t xml_start_len;
int xml_end_len; size_t xml_end_len;
int action_str_len; size_t action_str_len;
*response_node = NULL; // init *response_node = NULL; // init
@ -693,7 +693,7 @@ SoapSendAction( IN char *action_url,
err_code = ret_code; err_code = ret_code;
} }
error_handler: error_handler:
ixmlFreeDOMString( action_str ); ixmlFreeDOMString( action_str );
membuffer_destroy( &request ); membuffer_destroy( &request );
membuffer_destroy( &responsename ); membuffer_destroy( &responsename );
@ -757,13 +757,13 @@ SoapSendActionEx( IN char *action_url,
char *xml_end = char *xml_end =
"</s:Body>\r\n" "</s:Body>\r\n"
"</s:Envelope>\r\n"; "</s:Envelope>\r\n";
int xml_start_len; size_t xml_start_len;
int xml_header_start_len; size_t xml_header_start_len;
int xml_header_str_len; size_t xml_header_str_len;
int xml_header_end_len; size_t xml_header_end_len;
int xml_body_start_len; size_t xml_body_start_len;
int action_str_len; size_t action_str_len;
int xml_end_len; size_t xml_end_len;
off_t content_length; off_t content_length;
*response_node = NULL; // init *response_node = NULL; // init
@ -821,7 +821,7 @@ SoapSendActionEx( IN char *action_url,
xml_body_start_len + action_str_len + xml_end_len; xml_body_start_len + action_str_len + xml_end_len;
if (http_MakeMessage( if (http_MakeMessage(
&request, 1, 1, &request, 1, 1,
"q" "N" "s" "sssbsc" "Uc" "bbbbbbb", "q" "N" "s" "sssbsc" "Uc" "b" "b" "b" "b" "b" "b" "b",
SOAPMETHOD_POST, &url, SOAPMETHOD_POST, &url,
content_length, content_length,
ContentTypeHeader, ContentTypeHeader,
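Review bot: The `b` inside `"sssbsc"` in the SoapSendActionEx call also consumes a pointer/length pair, but its arguments come after the last line of this hunk, so the type of that length cannot be checked from here. The seven trailing `b` lengths are covered by the new `size_t` declarations; that remaining one should be confirmed to be `size_t` too, or cast at the call, because a narrower argument would reproduce the mismatch on x86_64. The http_MakeMessage call in SoapSendAction is not in the diff at all and deserves the same check. A comment above each call would make the contract visible to the next editor: `/* every length consumed by 'b' or 'Q' must be size_t, and 'N' takes off_t: va_arg does no conversion */`.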