Handle overflow before changing SsdpEvent.
Because the behavior of "snprintf" is platform dependent in such case.
(cherry picked from commit f299d6597a817895f626420f2940aab0388d72eb)
Previous change broke the feature. The error of unique_service_name
in ssdp_request_type should be ignored.
This reverts commit 5944960e172a797a9fcc196291f4046cafa7f6ec.
(cherry picked from commit 35819a7a4400f9fc714c1d16b1ee705c4d4df6ed)
src/genlib/net/http/httpreadwrite.c: In function
‘http_OpenHttpConnection’:
src/genlib/net/http/httpreadwrite.c:1072:69: warning: unused parameter
‘timeout’
src/genlib/net/sock.c: In function ‘sock_read_write’:
src/genlib/net/sock.c:172:4: warning: conversion to ‘long int’ from
‘size_t’ may change the sign of the result
(forward port of commit f1c4ffefdaed7b45912357943000a2e4838305df)
Remove more "implicit integer or enum conversions" as well as memset
before snprintf.
(forward port of commit 2eb3e069badd5c8676738c3ead37f9551fd8448e)
There was a problem in HDR_ACCEPT_LANGUAGE case.
It may read from TmpBuf larger amount than allocated,
since condition was always true.
Terminate RespInstr->AcceptLanguageHeader correctly.
Skip allocation if there is already sufficient buffer.
(cherry picked from commit db532afb9bd7b870585705701b32dee441a5f6cb)
It is a static function and is called with AF_INET or AF_INET6,
so there is no real problem.
(cherry picked from commit 1b38cc963aec8c6c45bcd33db5c5eeb2de21826a)
Remove some of the "implicit integer or enum conversions" as well as
some access to NULL reference in upnp part.
(forward port of commit c67187ac94f25ae23b286a1521d968911edba61d)
Respect unique_service_name error in ssdp_request_type
so as not to touch non-terminated buffer under Evt.
(cherry picked from commit 5944960e172a797a9fcc196291f4046cafa7f6ec)
Pass output buffer size to addrToString and detect overflow.
Handle addrToString error in configure_urlbase.
(cherry picked from commit 56b44fee914738eb9e8bddc5fce768e2dbc4db12)
Pass output buffer size to CreateClientRequestPacket(UlaGua)
from SearchByTarget and detect overflow.
Handle SearchByTarget error in UpnpSearchAsync.
(cherry picked from commit ff635f92c08cf8f7ebca973450bd79feacb2e0b1)
Since 1st argument precedes the beginning of the buffer,
it is necessary to reduce the value of 3rd argument.
(cherry picked from commit b78eaf4e4374684847c4b5e1d62cb5a0a2541d9a)
Do not compile most of service_table.c and client_table.c if
--disable-gena is used.
Do not compile urlconfig.c if --disable-webserver is used.
Adding new UPNP_HAVE_xxx variables in upnpconfig.h and upnpconfig.h.in.
(forward port of commit bb140000c042b670211d5113bc54dd4e50e93c0e)
Remove "dereference NULL return" errors and implicit conversions to
double or enum types.
(cherry picked from commit 77c73884b81c887e24c2069d9528706c6caf3235)
Submitted: Yoichi NAKAYAMA ( yoichi ) - 2012-03-08 10:18:39 PST
97a17ff5add73c97844e2fa74456bab4df0800f1 commit breaks build on
windows/msvc since there is no snprintf.
Note:
* Some existing sources use _snprintf when WIN32 is defined, but its
behavior is a bit different from C99 snprintf.
* snprintf does terminate the buffer, so the commit (use buffer size
minus 1 as argument) changes the behavior at the boundary.
* Truncation might be better than crash in some cases. But it may
result in not good.
(forward port of commit e722d8c375dc50b855b41cd56e2fc3d70af4201e)
- define UPNP_USE_MSVCPP when necessary
- set release build's output directory to be consistent with debug build
- add missing ClientSubscription.c to libupnp project
- reference correct source files in sample project
Submitted: Marcelo Roberto Jimenez ( mroberto ) - 2012-03-08 12:38:57 PST
src/api/upnpapi.c: In function ‘UpnpUnSubscribeAsync’:
src/api/upnpapi.c:2060:6: warning: ‘retVal’ may be used uninitialized in this function
(cherry picked from commit 29ee36b1cad224015d70848df398d4d62f3d1937)
Submitted: Terry Farnham ( tfarnham ) - 2011-02-07 09:25:25 PST
Details: The strcmp(pNode->prefix,pCur->prefix) crashes on pCur->prefix
being NULL. This occurs on invalidly formatted xml where a node uses an
undefined namespace. I would expect to receive IXML_FAILED in this
situation.
(cherry picked from commit 2fb791c9bbab69bcb39153a663b8da95ae44a9c0)
Check that newNode is not NULL ixmlNode_cloneNodeTree and pass newAttr
as the return node in the ixmlElement_setAttributeNodeNS call of
ixmlElement_setAttributeNS.
(cherry picked from commit 9b616a08df3613bf27473d176b1b72cd671b75a5)
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 04:54:40 PST
If ixmlNode_isParent(nodeptr, newChild) returns TRUE,
ixmlNode_removeChild(nodeptr, newChild, NULL) will free newChild before
the modifications of newChild->nextSibling and newChild->prevSibling.
(cherry picked from commit 4f34a12a83101830e88a6e86013a47f57858d996)
Replace strcpy, sprintf and strcat by strncpy, snprintf and strncat to
avoid buffer overflows.
(forward port of commit 97a17ff5add73c97844e2fa74456bab4df0800f1)
