Backport of svn 403: Bob Ciora's patch for "UpnpCreatePropertySet can leak memory".
git-svn-id: https://pupnp.svn.sourceforge.net/svnroot/pupnp/branches/branch-1.6.x@466 119443c7-1b9e-41f8-b6fc-b9c35fce742c
This commit is contained in:
Marcelo Roberto Jimenez
parent
ffc4668e0b
commit
a772b1a754
24
ChangeLog
24
ChangeLog
@ -29,6 +29,30 @@ Version 1.6.7
|
||||
CONTENT-TYPE header line size, the length was beeing calculated with
|
||||
the wrong string, there was a missing colon.
|
||||
|
||||
2008-06-02 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
|
||||
* SF Bug Tracker [ 1942285 ]
|
||||
UpnpCreatePropertySet can leak memory.
|
||||
Submitted By: Bob Ciora - bobciora
|
||||
|
||||
In file upnp/src/api/upnptools.c, function UpnpCreatePropertySet can leak
|
||||
memory if no additional arguments are passed. This is because of the
|
||||
'return' statement at (or near) line 554.
|
||||
|
||||
The prior call to ixmlParseBufferEx may succeed. This causes a basic ixml
|
||||
tree to be created. The return statement at line 554 leaves this tree in
|
||||
memory without cleaning it up.
|
||||
|
||||
There are two options: either add code prior to the return at 554 to clean
|
||||
up the tree, or simply allow a NumArg parameter of 0 to be passed.
|
||||
|
||||
I prefer the second method -- there doesn't seem to be any need to pass
|
||||
*any* arguments to this function.
|
||||
|
||||
In my local copy of upnptools.c, I have simply replaced the "return NULL"
|
||||
in line 554 to "return PropSet".
|
||||
|
||||
I've attached the source file.
|
||||
|
||||
2008-05-26 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
|
||||
* SF Bug Tracker [ 1903069 ]
|
||||
Subs (not services) not marked 'active'
|
||||
|
||||
@ -1,36 +1,41 @@
|
||||
///////////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
// Copyright (c) 2000-2003 Intel Corporation
|
||||
// All rights reserved.
|
||||
//
|
||||
// Redistribution and use in source and binary forms, with or without
|
||||
// modification, are permitted provided that the following conditions are met:
|
||||
//
|
||||
// * Redistributions of source code must retain the above copyright notice,
|
||||
// this list of conditions and the following disclaimer.
|
||||
// * Redistributions in binary form must reproduce the above copyright notice,
|
||||
// this list of conditions and the following disclaimer in the documentation
|
||||
// and/or other materials provided with the distribution.
|
||||
// * Neither name of Intel Corporation nor the names of its contributors
|
||||
// may be used to endorse or promote products derived from this software
|
||||
// without specific prior written permission.
|
||||
//
|
||||
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL OR
|
||||
// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||
// EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
// PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
|
||||
// OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
//
|
||||
///////////////////////////////////////////////////////////////////////////
|
||||
/*******************************************************************************
|
||||
*
|
||||
* Copyright (c) 2000-2003 Intel Corporation
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright notice,
|
||||
* this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright notice,
|
||||
* this list of conditions and the following disclaimer in the documentation
|
||||
* and/or other materials provided with the distribution.
|
||||
* * Neither name of Intel Corporation nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL OR
|
||||
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
|
||||
* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
******************************************************************************/
|
||||
|
||||
|
||||
#include "config.h"
|
||||
|
||||
|
||||
#if EXCLUDE_DOM == 0
|
||||
|
||||
|
||||
#include <stdarg.h>
|
||||
#include "upnptools.h"
|
||||
#include "uri.h"
|
||||
@ -550,8 +555,8 @@ UpnpCreatePropertySet( IN int NumArg,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if( NumArg < 1 ) {
|
||||
return NULL;
|
||||
if (NumArg < 1) {
|
||||
return PropSet;
|
||||
}
|
||||
|
||||
va_start( ArgList, Arg );
|
||||
|
||||
Loading…
Reference in New Issue
Block a user