Fix for crash in webserver.c by Sebastian Brandt

Dear libupnp-devels, when POST'ing to the simple web server in libupnp, the application crashes. This is caused by a missing "..." argument in webserver.c:1533. Seems it has been there for a long time ... 1.6.9 and 1.6.18 have it. webserver.c:1533 calls http_MakeMessage /* Send response. */ http_MakeMessage(&headers, 1, 1, "RTLSXcCc", ret, "text/html", X_USER_AGENT); The format parameter RTLSXcCc needs four arguments - R - response code - ret, T- content type - text/html, L - struct SendInstruction * - NOT PRESENT X - user agent - X_USER_AGENT This results in a crash. Changing to http_MakeMessage(&headers, 1, 1, "RTLSXcCc", ret, "text/html", &RespInstr, X_USER_AGENT); solves the situation. Yours, Sebastian Brandt (cherry picked from commit 25c27b8af7)
2013-07-30 11:46:46 -03:00 · 2013-07-30 11:46:46 -03:00 · 97b6be674a
commit 97b6be674a
parent da34d1ecfe
3 changed files with 35 additions and 1 deletions
--- a/33
+++ b/33
@ -345,6 +345,39 @@ Version 1.8.0
 	* Rewrote Peter Hartley's patch to include a new extra header field in
 	FileInfo.

+*******************************************************************************
+Version 1.6.19
+*******************************************************************************
+
+2013-07-30 Sebastian Brandt <s.brandt(at)aixtrusion.de>
+
+	Dear libupnp-devels,
+	when POST'ing to the simple web server in libupnp, the application crashes.
+	This is caused by a missing "..." argument in webserver.c:1533.
+	Seems it has been there for a long time ... 1.6.9 and 1.6.18 have it.
+
+	webserver.c:1533 calls http_MakeMessage
+	/* Send response. */
+	http_MakeMessage(&headers, 1, 1,
+		 "RTLSXcCc",
+		 ret, "text/html", X_USER_AGENT);
+	The format parameter RTLSXcCc needs four arguments -
+	R - response code - ret,
+	T- content type - text/html,
+	L - struct SendInstruction * - NOT PRESENT
+	X - user agent - X_USER_AGENT
+
+	This results in a crash.
+
+	Changing to
+	http_MakeMessage(&headers, 1, 1,
+		 "RTLSXcCc",
+		 ret, "text/html", &RespInstr, X_USER_AGENT);
+	solves the situation.
+
+	Yours,
+	Sebastian Brandt
+
 *******************************************************************************
 Version 1.6.18
 *******************************************************************************
--- a/1
+++ b/1
@ -58,6 +58,7 @@ exempt of errors.
 - Rene Hexel
 - Robert Gingher (robsbox)
 - Ronan Menard
+- Sebastian Brandt
 - Siva Chandran
 - Stefan Sommerfeld (zerocom)
 - Stéphane Corthésy
--- a/upnp/src/genlib/net/http/webserver.c
+++ b/upnp/src/genlib/net/http/webserver.c
@ -1533,7 +1533,7 @@ void web_server_callback(http_parser_t *parser, INOUT http_message_t *req,
 			/* Send response. */
 			http_MakeMessage(&headers, 1, 1,
 				"RTLSXcCc",
-				ret, "text/html", X_USER_AGENT);
+				ret, "text/html", &RespInstr, X_USER_AGENT);
 			http_SendMessage(info, &timeout, "b",
 				headers.buf, headers.length);
 			break;