Handle overflow before changing SsdpEvent.
Because the behavior of "snprintf" is platform dependent in such case.
(cherry picked from commit f299d6597a817895f626420f2940aab0388d72eb)
Previous change broke the feature. The error of unique_service_name
in ssdp_request_type should be ignored.
This reverts commit 5944960e172a797a9fcc196291f4046cafa7f6ec.
(cherry picked from commit 35819a7a4400f9fc714c1d16b1ee705c4d4df6ed)
src/genlib/net/http/httpreadwrite.c: In function
‘http_OpenHttpConnection’:
src/genlib/net/http/httpreadwrite.c:1072:69: warning: unused parameter
‘timeout’
src/genlib/net/sock.c: In function ‘sock_read_write’:
src/genlib/net/sock.c:172:4: warning: conversion to ‘long int’ from
‘size_t’ may change the sign of the result
(forward port of commit f1c4ffefdaed7b45912357943000a2e4838305df)
Remove more "implicit integer or enum conversions" as well as memset
before snprintf.
(forward port of commit 2eb3e069badd5c8676738c3ead37f9551fd8448e)
There was a problem in HDR_ACCEPT_LANGUAGE case.
It may read from TmpBuf larger amount than allocated,
since condition was always true.
Terminate RespInstr->AcceptLanguageHeader correctly.
Skip allocation if there is already sufficient buffer.
(cherry picked from commit db532afb9bd7b870585705701b32dee441a5f6cb)
It is a static function and is called with AF_INET or AF_INET6,
so there is no real problem.
(cherry picked from commit 1b38cc963aec8c6c45bcd33db5c5eeb2de21826a)
Remove some of the "implicit integer or enum conversions" as well as
some access to NULL reference in upnp part.
(forward port of commit c67187ac94f25ae23b286a1521d968911edba61d)
Respect unique_service_name error in ssdp_request_type
so as not to touch non-terminated buffer under Evt.
(cherry picked from commit 5944960e172a797a9fcc196291f4046cafa7f6ec)
Pass output buffer size to addrToString and detect overflow.
Handle addrToString error in configure_urlbase.
(cherry picked from commit 56b44fee914738eb9e8bddc5fce768e2dbc4db12)
Pass output buffer size to CreateClientRequestPacket(UlaGua)
from SearchByTarget and detect overflow.
Handle SearchByTarget error in UpnpSearchAsync.
(cherry picked from commit ff635f92c08cf8f7ebca973450bd79feacb2e0b1)
Since 1st argument precedes the beginning of the buffer,
it is necessary to reduce the value of 3rd argument.
(cherry picked from commit b78eaf4e4374684847c4b5e1d62cb5a0a2541d9a)
Do not compile most of service_table.c and client_table.c if
--disable-gena is used.
Do not compile urlconfig.c if --disable-webserver is used.
Adding new UPNP_HAVE_xxx variables in upnpconfig.h and upnpconfig.h.in.
(forward port of commit bb140000c042b670211d5113bc54dd4e50e93c0e)
Submitted: Yoichi NAKAYAMA ( yoichi ) - 2012-03-08 10:18:39 PST
97a17ff5add73c97844e2fa74456bab4df0800f1 commit breaks build on
windows/msvc since there is no snprintf.
Note:
* Some existing sources use _snprintf when WIN32 is defined, but its
behavior is a bit different from C99 snprintf.
* snprintf does terminate the buffer, so the commit (use buffer size
minus 1 as argument) changes the behavior at the boundary.
* Truncation might be better than crash in some cases. But it may
result in not good.
(forward port of commit e722d8c375dc50b855b41cd56e2fc3d70af4201e)
Submitted: Marcelo Roberto Jimenez ( mroberto ) - 2012-03-08 12:38:57 PST
src/api/upnpapi.c: In function ‘UpnpUnSubscribeAsync’:
src/api/upnpapi.c:2060:6: warning: ‘retVal’ may be used uninitialized in this function
(cherry picked from commit 29ee36b1cad224015d70848df398d4d62f3d1937)
Replace strcpy, sprintf and strcat by strncpy, snprintf and strncat to
avoid buffer overflows.
(forward port of commit 97a17ff5add73c97844e2fa74456bab4df0800f1)
Fix compile error on WIN32.
Local variables must be declared first.
Remove outdated comment.
(forward port of commit 4c3532585df4af55adb661d92788915cfccf52ba)
Removing first TempPtr allocation in unique_service_name as well as one
of the dbgStr allocation in AdvertizeAndReply as those values were not
used.
(cherry picked from commit 7ef089b09a79aa2e596d8ed7a5d04d74159d9882)
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-06 07:36:08 PST
Call to strcpy should be replaced by call to memset and strncpy to
avoid getting buffer overflows.
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 12:33:59 PST
Fp is not closed when an error is raised on membuffer_append or
sock_read.
(cherry picked from commit 30badb44c74aefa1c81c63d394079f5fa16c7dc1)
Submitted: Sunil ( sunilangadi ) - 2011-10-02 08:28:47 PDT
Details: I observed crash in the below mentioned log statement in
function upnpfinish(file: upnpapi.c).
UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__, "Exiting UpnpFinish:
UpnpSdkInit is :%d:\n", UpnpSdkInit);
In particular it was crashing in ithread_self in
UpnpDisplayFileAndLine(file upnpdebug.c) on WIN32.
Moving the call ithread_cleanup_library() below the upnp printf call
mentioned above in function upnpfinish fixed the crash but I couldn't get
to the root of the problem.
The problem was observed on WIN32.
(cherry picked from commit e5887c9036ed79a741e7383b4d323bf13171f320)
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 06:42:18 PST
gIF_IPV4, gIF_IPV6 and gIF_IPV6_ULA_GUA might be not null terminated.
Moreover, gIF_IPV4 should be 16 characters (INET_ADDRSTRLEN) and not 22
and gIF_IPV6 should be 46 characters (INET6_ADDRSTRLEN) and not 65.
(cherry picked from commit f6e88d5b0a9c1e2cb2f6bf5e394f055116071fb7)
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 05:51:44 PST
Fp is not closed if fseeko(Fp, Instr->RangeOffset, SEEK_CUR) does not return 0.
(cherry picked from commit 5caaf3ad071e4833aaab74133cc755ce3e917c01)
