diff --git a/ChangeLog b/ChangeLog index 4f0d830..c07cd8d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,18 @@ Version 1.6.16 ******************************************************************************* +2012-03-05 Fabrice Fontaine + + SF Bug Tracker id 3496938 - Missing structures initialisation in some functions + + Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:31:16 PST + + Memsetting to 0 some of the structures: finfo in process_request, + job in readFromSSDPSocket, request in http_OpenHttpGetEx, job in + genaNotifyThread, job in genaNotifyAllExt, job in genaNotifyAll, + job in genaInitNotifyExt, job in genaInitNotify, LocalAddr in + getlocalhostname. + 2012-03-05 Fabrice Fontaine SF Bug Tracker id 3496934 - Memory leaks in getlocalhostname and UpnpGetIfInfo diff --git a/upnp/src/api/upnpapi.c b/upnp/src/api/upnpapi.c index a0ec0fa..dbed496 100644 --- a/upnp/src/api/upnpapi.c +++ b/upnp/src/api/upnpapi.c @@ -1612,6 +1612,8 @@ int UpnpSendAdvertisementLowPower(UpnpDevice_Handle Hnd, int Exp, upnp_timeout *adEvent; ThreadPoolJob job; + memset(&job, 0, sizeof(job)); + if( UpnpSdkInit != 1 ) { return UPNP_E_FINISH; } @@ -1832,6 +1834,8 @@ int UpnpSubscribeAsync( char *EvtUrl = ( char * )EvtUrl_const; ThreadPoolJob job; + memset(&job, 0, sizeof(job)); + if( UpnpSdkInit != 1 ) { return UPNP_E_FINISH; } @@ -2009,6 +2013,8 @@ int UpnpUnSubscribeAsync( struct Handle_Info *SInfo = NULL; struct UpnpNonblockParam *Param; + memset(&job, 0, sizeof(job)); + UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__, "Inside UpnpUnSubscribeAsync\n"); if (UpnpSdkInit != 1) { @@ -2121,6 +2127,8 @@ int UpnpRenewSubscriptionAsync( struct Handle_Info *SInfo = NULL; struct UpnpNonblockParam *Param; + memset(&job, 0, sizeof(job)); + if( UpnpSdkInit != 1 ) { return UPNP_E_FINISH; } @@ -2552,6 +2560,8 @@ int UpnpSendActionAsync( /* udn not used? */ /*char *DevUDN = (char *)DevUDN_const;*/ + memset(&job, 0, sizeof(job)); + if(UpnpSdkInit != 1) { return UPNP_E_FINISH; } @@ -2637,6 +2647,8 @@ int UpnpSendActionExAsync( ThreadPoolJob job; int retVal = 0; + memset(&job, 0, sizeof(job)); + if( UpnpSdkInit != 1 ) { return UPNP_E_FINISH; } @@ -2739,6 +2751,8 @@ int UpnpGetServiceVarStatusAsync( char *ActionURL = (char *)ActionURL_const; char *VarName = (char *)VarName_const; + memset(&job, 0, sizeof(job)); + if( UpnpSdkInit != 1 ) { return UPNP_E_FINISH; } @@ -3611,6 +3625,8 @@ int getlocalhostname(char *out, size_t out_len) struct hostent *h = NULL; struct sockaddr_in LocalAddr; + memset(&LocalAddr, 0, sizeof(LocalAddr)); + gethostname(out, out_len); h = gethostbyname(out); if (h != NULL) { @@ -3685,6 +3701,7 @@ int getlocalhostname(char *out, size_t out_len) memset(&ifConf, 0, sizeof(ifConf)); memset(&ifReq, 0, sizeof(ifReq)); memset(szBuffer, 0, sizeof(szBuffer)); + memset(&LocalAddr, 0, sizeof(LocalAddr)); /* Create an unbound datagram socket to do the SIOCGIFADDR ioctl on. */ LocalSock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); diff --git a/upnp/src/gena/gena_ctrlpt.c b/upnp/src/gena/gena_ctrlpt.c index aee9814..2d71095 100644 --- a/upnp/src/gena/gena_ctrlpt.c +++ b/upnp/src/gena/gena_ctrlpt.c @@ -2,6 +2,7 @@ * * Copyright (c) 2000-2003 Intel Corporation * All rights reserved. + * Copyright (c) 2012 France Telecom All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -142,6 +143,8 @@ static int ScheduleGenaAutoRenew( const UpnpString *tmpSID = UpnpClientSubscription_get_SID(sub); const UpnpString *tmpEventURL = UpnpClientSubscription_get_EventURL(sub); + memset(&job, 0, sizeof(job)); + if (TimeOut == UPNP_INFINITE) { return_code = GENA_SUCCESS; goto end_function; diff --git a/upnp/src/gena/gena_device.c b/upnp/src/gena/gena_device.c index e097b79..2c4d43c 100644 --- a/upnp/src/gena/gena_device.c +++ b/upnp/src/gena/gena_device.c @@ -2,6 +2,7 @@ * * Copyright (c) 2000-2003 Intel Corporation * All rights reserved. + * Copyright (c) 2012 France Telecom All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -315,6 +316,8 @@ static void genaNotifyThread( struct Handle_Info *handle_info; ThreadPoolJob job; + memset(&job, 0, sizeof(job)); + /* This should be a HandleLock and not a HandleReadLock otherwise if there * is a lot of notifications, then multiple threads will acquire a read * lock and the thread which sends the notification will be blocked forever @@ -463,6 +466,8 @@ int genaInitNotify( struct Handle_Info *handle_info; ThreadPoolJob job; + memset(&job, 0, sizeof(job)); + UpnpPrintf(UPNP_INFO, GENA, __FILE__, __LINE__, "GENA BEGIN INITIAL NOTIFY"); @@ -616,6 +621,8 @@ int genaInitNotifyExt( struct Handle_Info *handle_info; ThreadPoolJob job; + memset(&job, 0, sizeof(job)); + UpnpPrintf(UPNP_INFO, GENA, __FILE__, __LINE__, "GENA BEGIN INITIAL NOTIFY EXT"); @@ -769,6 +776,8 @@ int genaNotifyAllExt( struct Handle_Info *handle_info; ThreadPoolJob job; + memset(&job, 0, sizeof(job)); + UpnpPrintf(UPNP_INFO, GENA, __FILE__, __LINE__, "GENA BEGIN NOTIFY ALL EXT"); @@ -908,6 +917,8 @@ int genaNotifyAll( struct Handle_Info *handle_info; ThreadPoolJob job; + memset(&job, 0, sizeof(job)); + UpnpPrintf(UPNP_INFO, GENA, __FILE__, __LINE__, "GENA BEGIN NOTIFY ALL"); diff --git a/upnp/src/genlib/miniserver/miniserver.c b/upnp/src/genlib/miniserver/miniserver.c index 32f8e9b..76f327a 100644 --- a/upnp/src/genlib/miniserver/miniserver.c +++ b/upnp/src/genlib/miniserver/miniserver.c @@ -260,6 +260,8 @@ static UPNP_INLINE void schedule_request_job( struct mserv_request_t *request; ThreadPoolJob job; + memset(&job, 0, sizeof(job)); + request = (struct mserv_request_t *)malloc( sizeof (struct mserv_request_t)); if (request == NULL) { @@ -846,6 +848,8 @@ int StartMiniServer( MiniServerSockArray *miniSocket; ThreadPoolJob job; + memset(&job, 0, sizeof(job)); + if (gMServState != MSERV_IDLE) { /* miniserver running. */ return UPNP_E_INTERNAL_ERROR; diff --git a/upnp/src/genlib/net/http/httpreadwrite.c b/upnp/src/genlib/net/http/httpreadwrite.c index fdbaa6e..98f9411 100644 --- a/upnp/src/genlib/net/http/httpreadwrite.c +++ b/upnp/src/genlib/net/http/httpreadwrite.c @@ -2,6 +2,7 @@ * * Copyright (c) 2000-2003 Intel Corporation * All rights reserved. + * Copyright (c) 2012 France Telecom All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -1938,6 +1939,8 @@ int http_OpenHttpGetEx( /* char rangeBuf[SIZE_RANGE_BUFFER]; */ struct SendInstruction rangeBuf; + membuffer_init(&request); + do { /* Checking Input parameters */ if (!url_str || !Handle || !contentType || !httpStatus ) { diff --git a/upnp/src/genlib/net/http/webserver.c b/upnp/src/genlib/net/http/webserver.c index c5cfa7a..ac60f58 100644 --- a/upnp/src/genlib/net/http/webserver.c +++ b/upnp/src/genlib/net/http/webserver.c @@ -1007,6 +1007,7 @@ static int process_request( req->method == HTTPMETHOD_POST || req->method == HTTPMETHOD_SIMPLEGET); /* init */ + memset(&finfo, 0, sizeof(finfo)); request_doc = NULL; finfo.content_type = NULL; alias_grabbed = FALSE; diff --git a/upnp/src/ssdp/ssdp_ctrlpt.c b/upnp/src/ssdp/ssdp_ctrlpt.c index bac0d3e..0e4a284 100644 --- a/upnp/src/ssdp/ssdp_ctrlpt.c +++ b/upnp/src/ssdp/ssdp_ctrlpt.c @@ -99,6 +99,8 @@ void ssdp_handle_ctrlpt_msg(http_message_t *hmsg, struct sockaddr_storage *dest_ ResultData *threadData = NULL; ThreadPoolJob job; + memset(&job, 0, sizeof(job)); + /* we are assuming that there can be only one client supported at a time */ HandleReadLock(); @@ -447,6 +449,8 @@ int SearchByTarget(int Mx, char *St, void *Cookie) /*ThreadData *ThData; */ ThreadPoolJob job; + memset(&job, 0, sizeof(job)); + requestType = ssdp_request_type1(St); if (requestType == SSDP_SERROR) return UPNP_E_INVALID_PARAM; diff --git a/upnp/src/ssdp/ssdp_device.c b/upnp/src/ssdp/ssdp_device.c index e8d23ee..a4f7d1a 100644 --- a/upnp/src/ssdp/ssdp_device.c +++ b/upnp/src/ssdp/ssdp_device.c @@ -2,7 +2,7 @@ * * Copyright (c) 2000-2003 Intel Corporation * All rights reserved. - * Copyright (C) 2011 France Telecom All rights reserved. + * Copyright (C) 2011-2012 France Telecom All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -90,6 +90,8 @@ void ssdp_handle_device_request(http_message_t *hmsg, struct sockaddr_storage *d int replyTime; int maxAge; + memset(&job, 0, sizeof(job)); + /* check man hdr. */ if (httpmsg_find_hdr(hmsg, HDR_MAN, &hdr_value) == NULL || memptr_cmp(&hdr_value, "\"ssdp:discover\"") != 0) diff --git a/upnp/src/ssdp/ssdp_server.c b/upnp/src/ssdp/ssdp_server.c index 336b293..47b78bd 100644 --- a/upnp/src/ssdp/ssdp_server.c +++ b/upnp/src/ssdp/ssdp_server.c @@ -688,6 +688,8 @@ void readFromSSDPSocket(SOCKET socket) ssize_t byteReceived = 0; char ntop_buf[64]; + memset(&job, 0, sizeof(job)); + requestBuf = staticBuf; /* in case memory can't be allocated, still drain the socket using a * static buffer. */