diff --git a/ChangeLog b/ChangeLog index bfee443..87870fc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,13 @@ Version 1.8.0 ******************************************************************************* +2012-03-08 Fabrice Fontaine + + Check for NULL pointer in TemplateSource.h + + calloc can return NULL so check for NULL pointer in CLASS##_new and + CLASS##_dup. + 2012-03-08 Fabrice Fontaine Replace strcpy with strncpy in get_hoststr diff --git a/upnp/inc/TemplateSource.h b/upnp/inc/TemplateSource.h index ef4744d..a4c350f 100644 --- a/upnp/inc/TemplateSource.h +++ b/upnp/inc/TemplateSource.h @@ -244,6 +244,8 @@ TEMPLATE_DECLARATION_STRUCT(CLASS) CLASS *CLASS##_new() \ { \ struct S##CLASS *p = calloc(1, sizeof (struct S##CLASS)); \ +\ + if (!p) return NULL; \ \ EXPAND_CLASS_MEMBERS(CLASS) \ \ @@ -287,6 +289,8 @@ TEMPLATE_DEFINITION_DESTRUCTOR(CLASS) CLASS *CLASS##_dup(const CLASS *q) \ { \ CLASS *p = CLASS##_new(); \ +\ + if (!p) return NULL; \ \ CLASS##_assign(p, q); \ \ diff --git a/upnp/src/soap/soap_device.c b/upnp/src/soap/soap_device.c index bc5da05..80a94d8 100644 --- a/upnp/src/soap/soap_device.c +++ b/upnp/src/soap/soap_device.c @@ -699,14 +699,15 @@ static UPNP_INLINE void handle_query_variable( err_code = SOAP_INVALID_VAR; err_str = Soap_Invalid_Var; - if (get_var_name(xml_doc, var_name) != 0) + if (variable == NULL || get_var_name(xml_doc, var_name) != 0) goto error_handler; /* get info for event */ - if (get_device_info(request, 1, xml_doc, + err_code = get_device_info(request, 1, xml_doc, info->foreign_sockaddr.ss_family, (UpnpString *)UpnpStateVarRequest_get_DevUDN(variable), (UpnpString *)UpnpStateVarRequest_get_ServiceID(variable), - &soap_event_callback, &cookie) != 0) + &soap_event_callback, &cookie); + if (err_code != UPNP_E_SUCCESS) goto error_handler; UpnpStateVarRequest_set_ErrCode(variable, UPNP_E_SUCCESS); UpnpStateVarRequest_strcpy_StateVarName(variable, var_name);