Handle overflow before changing SsdpEvent.
Because the behavior of "snprintf" is platform dependent in such case.
(cherry picked from commit f299d6597a)
Previous change broke the feature. The error of unique_service_name
in ssdp_request_type should be ignored.
This reverts commit 5944960e17.
(cherry picked from commit 35819a7a44)
src/genlib/net/http/httpreadwrite.c: In function
‘http_OpenHttpConnection’:
src/genlib/net/http/httpreadwrite.c:1072:69: warning: unused parameter
‘timeout’
src/genlib/net/sock.c: In function ‘sock_read_write’:
src/genlib/net/sock.c:172:4: warning: conversion to ‘long int’ from
‘size_t’ may change the sign of the result
(forward port of commit f1c4ffefda)
There was a problem in HDR_ACCEPT_LANGUAGE case.
It may read from TmpBuf larger amount than allocated,
since condition was always true.
Terminate RespInstr->AcceptLanguageHeader correctly.
Skip allocation if there is already sufficient buffer.
(cherry picked from commit db532afb9b)
Pass output buffer size to CreateClientRequestPacket(UlaGua)
from SearchByTarget and detect overflow.
Handle SearchByTarget error in UpnpSearchAsync.
(cherry picked from commit ff635f92c0)
Do not compile most of service_table.c and client_table.c if
--disable-gena is used.
Do not compile urlconfig.c if --disable-webserver is used.
Adding new UPNP_HAVE_xxx variables in upnpconfig.h and upnpconfig.h.in.
(forward port of commit bb140000c0)
Submitted: Yoichi NAKAYAMA ( yoichi ) - 2012-03-08 10:18:39 PST
97a17ff5ad commit breaks build on
windows/msvc since there is no snprintf.
Note:
* Some existing sources use _snprintf when WIN32 is defined, but its
behavior is a bit different from C99 snprintf.
* snprintf does terminate the buffer, so the commit (use buffer size
minus 1 as argument) changes the behavior at the boundary.
* Truncation might be better than crash in some cases. But it may
result in not good.
(forward port of commit e722d8c375)
Submitted: Marcelo Roberto Jimenez ( mroberto ) - 2012-03-08 12:38:57 PST
src/api/upnpapi.c: In function ‘UpnpUnSubscribeAsync’:
src/api/upnpapi.c:2060:6: warning: ‘retVal’ may be used uninitialized in this function
(cherry picked from commit 29ee36b1ca)
Removing first TempPtr allocation in unique_service_name as well as one
of the dbgStr allocation in AdvertizeAndReply as those values were not
used.
(cherry picked from commit 7ef089b09a)
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-06 07:36:08 PST
Call to strcpy should be replaced by call to memset and strncpy to
avoid getting buffer overflows.
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 12:33:59 PST
Fp is not closed when an error is raised on membuffer_append or
sock_read.
(cherry picked from commit 30badb44c7)
Submitted: Sunil ( sunilangadi ) - 2011-10-02 08:28:47 PDT
Details: I observed crash in the below mentioned log statement in
function upnpfinish(file: upnpapi.c).
UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__, "Exiting UpnpFinish:
UpnpSdkInit is :%d:\n", UpnpSdkInit);
In particular it was crashing in ithread_self in
UpnpDisplayFileAndLine(file upnpdebug.c) on WIN32.
Moving the call ithread_cleanup_library() below the upnp printf call
mentioned above in function upnpfinish fixed the crash but I couldn't get
to the root of the problem.
The problem was observed on WIN32.
(cherry picked from commit e5887c9036)
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 06:42:18 PST
gIF_IPV4, gIF_IPV6 and gIF_IPV6_ULA_GUA might be not null terminated.
Moreover, gIF_IPV4 should be 16 characters (INET_ADDRSTRLEN) and not 22
and gIF_IPV6 should be 46 characters (INET6_ADDRSTRLEN) and not 65.
(cherry picked from commit f6e88d5b0a)
