* SF Bug Tracker [ 1711325 ] Bad DestAddr in Upnp_Discovery structure

Submitted By: Bob Ciora
The field DestAddr of the structure Upnp_Discovery is now a full
SOCKADDRIN instead of a pointer to SOCKADDRIN. Commented code sugests
that in a previous moment, the function ssdp_handle_ctrlpt_msg() did
not use a postponed thread to call ctrlpt_callback(). Now the code
uses a thread, and most probably the original data would get lost and
the pointer would point to an invalid memory region. This fix caused
an interface change in the library and the minor library version was
bumped. Also, the libtool library numbers were changed accordingly.


git-svn-id: https://pupnp.svn.sourceforge.net/svnroot/pupnp/trunk@203 119443c7-1b9e-41f8-b6fc-b9c35fce742c

ChangeLog

@@ -1,7 +1,19 @@
 *******************************************************************************
-Version 1.4.7
+Version 1.6.0
 *******************************************************************************
 
+2007-05-26 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
+	* SF Bug Tracker [ 1711325 ] Bad DestAddr in Upnp_Discovery structure
+	Submitted By: Bob Ciora
+	The field DestAddr of the structure Upnp_Discovery is now a full
+	SOCKADDRIN instead of a pointer to SOCKADDRIN. Commented code sugests
+	that in a previous moment, the function ssdp_handle_ctrlpt_msg() did
+	not use a postponed thread to call ctrlpt_callback(). Now the code
+	uses a thread, and most probably the original data would get lost and
+	the pointer would point to an invalid memory region. This fix caused
+	an interface change in the library and the minor library version was
+	bumped. Also, the libtool library numbers were changed accordingly.
+
 2007-05-26 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
 	* Added support for the Basic Device
 	(http://www.upnp.org/standardizeddcps/basic.asp) as suggested by

THANKS

@@ -7,6 +7,7 @@ Here is a list of these people. Help us keep it complete and
 exempt of errors.
 
 - Arno Willig
+- Bob Ciora
 - Chaos
 - Craig Nelson
 - David Maass

configure.ac

@@ -9,7 +9,7 @@
 
 AC_PREREQ(2.60)
 
-AC_INIT([libupnp], [1.4.7], [mroberto@users.sourceforge.net])
+AC_INIT([libupnp], [1.6.0], [mroberto@users.sourceforge.net])
 # *Independently* of the above libupnp package version, the libtool version
 # of the 3 libraries need to be updated whenever there is a change released :
 # "current:revision:age" (this is NOT the same as the package version), where:
@@ -34,11 +34,35 @@ AC_INIT([libupnp], [1.4.7], [mroberto@users.sourceforge.net])
 #	current: 2 -> 3
 #	revisiion: 3 -> 0
 #	age: 0 -> 1
-# - Code has changed in upnp (revision 2 -> 3)
+# - Code has changed in upnp
 #	revision: 2 -> 3
-AC_SUBST([LT_VERSION_IXML],       [2:3:0])
+#
-AC_SUBST([LT_VERSION_THREADUTIL], [3:0:1])
+# For release 1.4.6, we had:
-AC_SUBST([LT_VERSION_UPNP],       [2:3:0])
+#AC_SUBST([LT_VERSION_IXML],       [2:3:0])
+#AC_SUBST([LT_VERSION_THREADUTIL], [3:0:1])
+#AC_SUBST([LT_VERSION_UPNP],       [2:3:0])
+#
+# "current:revision:age"
+#
+# - Code has changed in ixml
+#	revision: 3 -> 4
+# - Code has changed in threadutil
+#	revision: 0 -> 1
+# - Code has changed in upnp
+#	revision: 3 -> 4
+# - Interface changed in upnp
+#	current: 2 -> 3
+#	revision: 4 -> 0
+# - Interface removed in upnp
+#	age: 0 -> 0
+#
+# For release 1.6.0, we had:
+#AC_SUBST([LT_VERSION_IXML],       [2:4:0])
+#AC_SUBST([LT_VERSION_THREADUTIL], [3:1:1])
+#AC_SUBST([LT_VERSION_UPNP],       [3:0:0])
+AC_SUBST([LT_VERSION_IXML],       [2:4:0])
+AC_SUBST([LT_VERSION_THREADUTIL], [3:1:1])
+AC_SUBST([LT_VERSION_UPNP],       [3:0:0])
 
 
 AC_CONFIG_AUX_DIR(config.aux)

upnp/inc/upnp.h

@@ -828,46 +828,42 @@ struct Upnp_Event
  * Upnp_Discovery structure correctly.
  */
 
-typedef struct sockaddr_in SOCKADDRIN;
 
 /** Returned in a {\bf UPNP_DISCOVERY_RESULT} callback. */
-
 struct Upnp_Discovery
 {
+	/** The result code of the {\bf UpnpSearchAsync} call. */
+	int  ErrCode;                  
 				     
-  /** The result code of the {\bf UpnpSearchAsync} call. */
+	/** The expiration time of the advertisement. */
-  int  ErrCode;                  
+	int  Expires;                  
 				     
-  /** The expiration time of the advertisement. */
+	/** The unique device identifier. */
-  int  Expires;                  
+	char DeviceId[LINE_SIZE];      
 
-  /** The unique device identifier. */
+	/** The device type. */
-  char DeviceId[LINE_SIZE];      
+	char DeviceType[LINE_SIZE];    
 
-  /** The device type. */
+	/** The service type. */
-  char DeviceType[LINE_SIZE];    
+	char ServiceType[LINE_SIZE];
 
-  /** The service type. */
+	/** The service version. */
-  char ServiceType[LINE_SIZE];
+	char ServiceVer[LINE_SIZE];    
 
-  /** The service version. */
+	/** The URL to the UPnP description document for the device. */
-  char ServiceVer[LINE_SIZE];    
+	char Location[LINE_SIZE];      
 
-  /** The URL to the UPnP description document for the device. */
+	/** The operating system the device is running. */
-  char Location[LINE_SIZE];      
+	char Os[LINE_SIZE];            
 				     
-  /** The operating system the device is running. */
+	/** Date when the response was generated. */
-  char Os[LINE_SIZE];            
+	char Date[LINE_SIZE];            
 				     
-  /** Date when the response was generated. */
+	/** Confirmation that the MAN header was understood by the device. */
-  char Date[LINE_SIZE];            
+	char Ext[LINE_SIZE];           
-				     
-  /** Confirmation that the MAN header was understood by the device. */
-  char Ext[LINE_SIZE];           
-				     
-  /** The host address of the device responding to the search. */
-  SOCKADDRIN * DestAddr; 
 				     
+	/** The host address of the device responding to the search. */
+	struct sockaddr_in DestAddr; 
 };
 
 /** Returned along with a {\bf UPNP_EVENT_SUBSCRIBE_COMPLETE} or {\bf

upnp/src/genlib/net/http/httpparser.c

@@ -396,7 +396,7 @@ scanner_get_str( IN scanner_t * scanner )
 * Note :
 ************************************************************************/
 #warning The only use of the function 'scanner_pushback()' in the code is commented out.
-#warning 'scanner_pushback()' is a good candidate for removal.
+#warning 'scanner_pushback()' is a candidate for removal.
 static UPNP_INLINE void
 scanner_pushback( INOUT scanner_t * scanner,
                   IN size_t pushback_bytes )
@@ -966,7 +966,7 @@ read_until_crlf( INOUT scanner_t * scanner,
 *   PARSE_INCOMPLETE
 ************************************************************************/
 #warning There are currently no uses of the function 'skip_to_end_of_header()' in the code.
-#warning 'skip_to_end_of_header()' is a good candidate for removal.
+#warning 'skip_to_end_of_header()' is a candidate for removal.
 static UPNP_INLINE int
 skip_to_end_of_header( INOUT scanner_t * scanner )
 {

upnp/src/ssdp/ssdp_ctrlpt.c

@@ -159,7 +159,7 @@ ssdp_handle_ctrlpt_msg( IN http_message_t * hmsg,
     }
 
     // dest addr
-    param.DestAddr = dest_addr;
+    memcpy(&param.DestAddr, dest_addr, sizeof(struct sockaddr_in) );
 
     // EXT
     param.Ext[0] = '\0';
@@ -267,7 +267,7 @@ ssdp_handle_ctrlpt_msg( IN http_message_t * hmsg,
             strlen( param.Location ) == 0 || !usn_found || !st_found ) {
             return;             // bad reply
         }
-        //check each current search
+        // check each current search
         HandleLock();
         if( GetClientHandleInfo( &handle, &ctrlpt_info ) != HND_CLIENT ) {
             HandleUnlock();
@@ -275,14 +275,14 @@ ssdp_handle_ctrlpt_msg( IN http_message_t * hmsg,
         }
         node = ListHead( &ctrlpt_info->SsdpSearchList );
 
-        //temporary add null termination
+        // temporary add null termination
         //save_char = hdr_value.buf[ hdr_value.length ];
         //hdr_value.buf[ hdr_value.length ] = '\0';
 
         while( node != NULL ) {
             searchArg = node->item;
             matched = 0;
-            //check for match of ST header and search target
+            // check for match of ST header and search target
             switch ( searchArg->requestType ) {
                 case SSDP_ALL:
                     {
@@ -327,7 +327,7 @@ ssdp_handle_ctrlpt_msg( IN http_message_t * hmsg,
             }
 
             if( matched ) {
-                //schedule call back
+                // schedule call back
                 threadData =
                     ( ResultData * ) malloc( sizeof( ResultData ) );
                 if( threadData != NULL ) {
@@ -366,7 +366,7 @@ ssdp_handle_ctrlpt_msg( IN http_message_t * hmsg,
 *
 ***************************************************************************/
 #warning There are currently no uses of the function 'process_reply()' in the code.
-#warning 'process_reply()' is a good candidate for removal.
+#warning 'process_reply()' is a candidate for removal.
 static UPNP_INLINE void
 process_reply( IN char *request_buf,
                IN int buf_len,