From c9024bbb40801945b1db1bd47a32700873b80bf4 Mon Sep 17 00:00:00 2001
From: Yoichi NAKAYAMA <yoichi.nakayama@gmail.com>
Date: Sun, 11 Mar 2012 03:52:37 +0900
Subject: [PATCH] Respect unique_service_name error in ssdp_request_type.

Respect unique_service_name error in ssdp_request_type
so as not to touch non-terminated buffer under Evt.
(cherry picked from commit 5944960e172a797a9fcc196291f4046cafa7f6ec)
---
 ChangeLog                   | 2 ++
 upnp/src/ssdp/ssdp_server.c | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 75a1307..4450cc1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -328,6 +328,8 @@ Version 1.6.16
 	* Pass output buffer size to addrToString and detect overflow.
 	* Handle addrToString error in configure_urlbase. 
 	* Handle overflow in http_SendMessage.
+	* Respect unique_service_name error in ssdp_request_type
+	  so as not to touch non-terminated buffer under Evt.
 	* Treat large argument as error in UpnpAddVirtualDir.
 	* Do not clear buffer before snprintf.
 	* Clarify the last argument of GetDescDocumentAndURL has size LINE_SIZE.
diff --git a/upnp/src/ssdp/ssdp_server.c b/upnp/src/ssdp/ssdp_server.c
index 118b31c..98da4a5 100644
--- a/upnp/src/ssdp/ssdp_server.c
+++ b/upnp/src/ssdp/ssdp_server.c
@@ -552,7 +552,10 @@ int ssdp_request_type(char *cmd, SsdpEvent *Evt)
 {
 	/* clear event */
 	memset(Evt, 0, sizeof(SsdpEvent));
-	unique_service_name(cmd, Evt);
+	if (unique_service_name(cmd, Evt) != 0) {
+		Evt->ErrCode = E_HTTP_SYNTEX;
+		return -1;
+	}
 	Evt->ErrCode = NO_ERROR_FOUND;
 	if ((Evt->RequestType = ssdp_request_type1(cmd)) == SSDP_SERROR) {
 		Evt->ErrCode = E_HTTP_SYNTEX;