Commit Graph

257 Commits

Author SHA1 Message Date
Fabrice Fontaine
3e7bf14488 Merge branch 'branch-1.6.x' of ssh://pupnp.git.sourceforge.net/gitroot/pupnp/pupnp into branch-1.6.x 2012-03-06 09:58:54 +01:00
Fabrice Fontaine
a8bcbe9491 SF Bug Tracker id 3497159 - Bug fix in Parser_readFileOrBuffer
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 14:20:58 PST

fileSize = ftell( xmlFilePtr ); can return a negative value, in this
case the function should exit (at the moment, the function exits only
if ftell returns 0).
2012-03-06 00:23:54 +01:00
Fabrice Fontaine
1a1570fe0f SF Bug Tracker id 3497140 - Bug fix in http_get_code_text
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 13:07:03 PST

Replace if( statusCode < 100 && statusCode >= 600 ) which can't be true
by if( statusCode < 100 || statusCode >= 600 ).
2012-03-06 00:14:45 +01:00
Fabrice Fontaine
30badb44c7 SF Bug Tracker id 3497126 - Resource leak in http_RecvPostMessage
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 12:33:59 PST

Fp is not closed when an error is raised on membuffer_append or
sock_read.
2012-03-05 22:35:54 +01:00
Nick Leverton
3504b13eae SF Bug Tracker id 2989399 - UpnpSetVirtualDirCallbacks API removal in 1.6.x
Submitted: Nick Leverton ( leveret ) - 2010-04-19 07:44:10 PDT

Details: The recent codebase merge has removed a significant API call
which is used by several pupnp devices such as mediatomb and gmediaserver.
UpnpSetVirtualDirCallbacks() has been replaced by individual routines to
set each callback. Essentially this means that 1.6.7 will in fact be a majo
bump and 1.6.6 devices can no longer link against it. Could we have the call
reinstated please, perhaps as a wrapper around the individual calls ? As
it is, all distros will have to patch their 1.6.x apps, rebuild and re-link them.

The other removed API calls and external variables don't seem to be used
by any of the apps I have copies of, but UpnpSetVirtualDirCallbacks is
important for maintaining compatibility within 1.6.x.
2012-03-05 18:21:49 -03:00
Yoichi NAKAYAMA
d6f1e4112e SF Bug Tracker id 3325246 - Memory Leak in XML Parser
Submitted: Terry Farnham ( tfarnham ) - 2011-06-23 09:45:54 PDT

Details: The following bit of xml results in a memory leak from the xml
parser:

const char *xmlbuffer="<?xml version=\"1.0\" encoding=\"utf-8\"?>
<root xmlns=\"urn:schemas-upnp-org:device-1-0\" xmlns:dlna=\"urn:schemas-dlna-org:device-1-0\">
<dlna:X_DLNADOC xmlns:dlna=\"urn:schemas-dlna-org:device-1-0\">DMS-1.50</dlna:X_DLNADOC></root>";

When I execute the following code:

IXML_Document *doc = ixmlParseBuffer(xmlbuffer);
ixmlDocument_free(doc);

It results in a memory leak in ixmlparser.c line 2107 where it calls
safe_strdup( newElement->namespaceURI ); It's difficult to figure out why.
2012-03-05 16:59:15 -03:00
Yoichi NAKAYAMA
e5887c9036 SF Bug Tracker id 3417134 - Crash seen in UpnpFinish
Submitted: Sunil ( sunilangadi ) - 2011-10-02 08:28:47 PDT

Details: I observed crash in the below mentioned log statement in
function upnpfinish(file: upnpapi.c).
UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__, "Exiting UpnpFinish:
	UpnpSdkInit is :%d:\n", UpnpSdkInit);

In particular it was crashing in ithread_self in
UpnpDisplayFileAndLine(file upnpdebug.c) on WIN32.

Moving the call ithread_cleanup_library() below the upnp printf call
mentioned above in function upnpfinish fixed the crash but I couldn't get
to the root of the problem.

The problem was observed on WIN32.
2012-03-05 15:05:20 -03:00
Fabrice Fontaine
eeab71082f SF Bug Tracker id 3497034 - Buffer not null terminated in UpnpGetIfInfo
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 06:43:52 PST

gIF_NAME might be not null terminated.
2012-03-05 17:43:26 +01:00
Fabrice Fontaine
f6e88d5b0a SF Bug Tracker id 3497033 - Buffer not null terminated in UpnpInit
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 06:42:18 PST

gIF_IPV4, gIF_IPV6 and gIF_IPV6_ULA_GUA might be not null terminated.
Moreover, gIF_IPV4 should be 16 characters (INET_ADDRSTRLEN) and not 22
and gIF_IPV6 should be 46 characters (INET6_ADDRSTRLEN) and not 65.
2012-03-05 17:36:41 +01:00
Fabrice Fontaine
add51536fc Bug fix of lastest commit (parse_hostport)
Missing parenthesis in memset.
2012-03-05 17:31:20 +01:00
Fabrice Fontaine
40864da7c1 SF Bug Tracker id 3497027 - Buffer not null terminated in parse_hostport
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 06:28:38 PST

workbuf might be not null terminated.
2012-03-05 17:13:08 +01:00
Fabrice Fontaine
5caaf3ad07 SF Bug Tracker id 3497009 - Resource leak in http_SendMessage
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 05:51:44 PST

Fp is not closed if fseeko(Fp, Instr->RangeOffset, SEEK_CUR) does not return 0.
2012-03-05 17:12:15 +01:00
Fabrice Fontaine
26c3f87eca HInfo->ServiceTable initialization in UpnpRegisterRootDevice2 and UpnpRegisterRootDevice4
Initialize also HInfo->ServiceTable in UpnpRegisterRootDevice2 and
UpnpRegisterRootDevice4 functions
2012-03-05 12:43:07 +01:00
Yoichi NAKAYAMA
20372ccef6 Initialize ServiceTable. 2012-03-05 12:36:29 +01:00
Yoichi NAKAYAMA
47c86542bc Add error handling. 2012-03-05 12:26:41 +01:00
Fabrice Fontaine
da244683cf SF Bug Tracker id 3496942 - Memory leak in config_description_doc
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:55:54 PST

element was not freed if membuffer_append_str(&url_str, "http://") does
not return 0. Moreover addNew was not used.
2012-03-05 11:58:54 +01:00
Fabrice Fontaine
7301f46269 SF Bug Tracker id 3496938 - Missing structures initialisation in some functions
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:31:16 PST

Memsetting to 0 some of the structures: finfo in process_request,
job in readFromSSDPSocket, request in http_OpenHttpGetEx, job in
genaNotifyThread, job in genaNotifyAllExt, job in genaNotifyAll,
job in genaInitNotifyExt, job in genaInitNotify, LocalAddr in
getlocalhostname.
2012-03-05 11:52:22 +01:00
Fabrice Fontaine
bd203e780e SF Bug Tracker id 3496934 - Memory leaks in getlocalhostname and UpnpGetIfInfo
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:25:42 PST

LocalSock is not closed if ioctl(LocalSock, SIOCGIFCONF, &ifConf);
returns an error.
2012-03-05 11:33:12 +01:00
Fabrice Fontaine
69f3fe2330 SF Bug Tracker id 3496933 - Out-of-bounds access in CheckOtherHTTPHeaders
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:15:34 PST

An out-of-bands access is raised because size of
RespInst->AcceptLanguageHeader is 200 and TmpBuf size is 180.
2012-03-05 11:20:07 +01:00
Fabrice Fontaine
52df3081df Remove unused currentDevice variable in removeServiceTable
currentDevice is not used in this function.
2012-03-05 11:12:37 +01:00
Fabrice Fontaine
71e77a5b27 SF Bug Tracker id 3496581 - Memory leak in getServiceList
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-03 08:43:23 PST

serviceNodeList is not freed if
current->next = malloc(sizeof(service_info)); returns NULL.
2012-03-05 10:59:20 +01:00
Fabrice Fontaine
a79a149e6a SF Bug Tracker id 3495616 - Memory leak in ixmlElement_setAttributeNS
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-02-29 02:09:43 PST

newAttrNode is not freed if newAttr->n.nodeValue = strdup(value); returns
NULL or if ixmlElement_setAttributeNodeNS(element, newAttr, NULL) does
not return IXML_SUCCESS.
2012-03-01 14:04:26 +01:00
Fabrice Fontaine
0693adc7dc SF Bug Tracker id 3495286 - Double free in get_action_node
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-02-28 04:27:54 PST

ixmlFreeDOMString(ActNodeName); is called twice if
ixmlParseBufferEx(ActNodeName, RespNode); does not return IXML_SUCCESS.
2012-03-01 14:02:34 +01:00
Fabrice Fontaine
076f8e5be6 SF Bug Tracker id 3495280 - Memory leak in ixmlDocument_createElementEx
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-02-28 04:01:02 PST

There is a memory leak in ixmlDocument_createElementEx:
newElement->tagName is not freed if
newElement->n.nodeName = strdup(tagName); returns NULL.
2012-03-01 10:47:10 +01:00
Fabrice Fontaine
60f9df425b SF Bug Tracker id 3494865 - Use of non-initialized variable in parser_parse_requestline
Submitted: Marcelo Roberto jimenez ( mroberto ) - 2012-02-26 16:50:23 PST

src/genlib/net/http/httpparser.c: In function ‘parser_parse_requestline’:
src/genlib/net/http/httpparser.c:1319:28: warning: ‘index’ may be used uninitialized in this function
(cherry picked from commit 9125d82010)
2012-02-29 15:15:28 -03:00
Marcelo Roberto Jimenez
795de3e077 SF Bug Tracker id 3489999 - UpnpString leaks in genaSubscribe()
Submitted: Yoichi NAKAYAMA ( yoichi ) - 2012-02-21 07:06:35 PST

In genaSubscribe() (defined in upnp/src/gena/gena_ctrlpt.c),
ActualSID and EventURL will not be freed if ScheduleGenaAutoRenew
returns UPNP_E_SUCCESS.

This fixes the an issue introduced by the previous fix.
2012-02-26 21:36:24 -03:00
Yoichi NAKAYAMA
a567576100 Remove files missing in branch-1.6.x. 2012-02-26 01:36:59 -03:00
Marcelo Roberto Jimenez
bc473d5e68 SF Bug Tracker id 3489999 - UpnpString leaks in genaSubscribe()
Submitted: Yoichi NAKAYAMA ( yoichi ) - 2012-02-21 07:06:35 PST

In genaSubscribe() (defined in upnp/src/gena/gena_ctrlpt.c),
ActualSID and EventURL will not be freed if ScheduleGenaAutoRenew
returns UPNP_E_SUCCESS.

This fixes the original issue.
2012-02-26 01:12:59 -03:00
Marcelo Roberto Jimenez
2940cbf94a SF Bug Tracker: UpnpString leaks in genaSubscribe()
In genaSubscribe() (defined in upnp/src/gena/gena_ctrlpt.c),
ActualSID and EventURL will not be freed.
2012-02-23 16:30:19 -02:00
Marcelo Roberto Jimenez
d87c966ec5 SF Bug Tracker: http lib only accepts HTTP/1.1 - ID:3485745
Submitted by Berend Dekens ( Berend Dekens ) - 2012-02-08 06:24:31 PST

In httpparser.c on line 1385 it says that HTTP 1.0 replies are blocked
because the UPnP verfication tool requires this.

I looked in the specs and as far as I can find, one should only be
carefull to send chunked communication to hosts supporting HTTP 1.1.
There is no requirement to support only HTTP 1.1.

The XBMC media server uses the Platinum UPnP library which replies
using HTTP/1.0 messages. As it is now, libupnp returns an error while
trying to parse the response while the response itself is completely
valid.

Is there a requirement in the UPnP 1.0 spec that I missed or is this
restriction self-imposed? And can it be lifted?

-------------------------------------------------------------------

Comment by Fabrice Fontaine:

Hide
Hi,

You're right, this modification should be removed. This version checking
was wrongly added in parser_parse_responseline function.

...
2012-02-23 15:29:45 -02:00
Edwin Stearns
a9c24fc7f3 Be nice to a server that returns its URL without a trailing slash
Attached is a patch that resolved an issue I found with a server that
gave its device description URI without a trailing slash (e.g.
`http://127.0.0.1:5555`).
2012-02-18 11:35:21 -02:00
Fabrice Fontaine
537581d8ad Bug fix for IPv4-mapped IPv6 addresses.
Setting IPv6 sockets with IPV6_V6ONLY flag to avoid getting IP packets
with IPv4-mapped IPv6 addresses on IPv6 sockets.
2012-02-18 11:22:53 -02:00
Marcelo Roberto Jimenez
66ea2ab11d Homekeeping for the next release. 2012-01-25 10:40:26 -02:00
Fabrice Fontaine
c155d3c68f Bug fix on M-SEARCH for IPv6 CPs.
Small bug fix on IPv6 Control Point: now CP will also send M-SEARCH on
site-scope address (FF05::C) instead of only sending M-SEARCH on
link-scope (FF02::C).
2012-01-25 09:56:02 -02:00
Fabrice Fontaine
03bd7759cd Retrieve IPv6 addresses in Upnp_Discovery.
Changing sockaddr_in into sockaddr_storage in Upnp_Discovery to be able
to retrieve IPv6 addresses of devices in Control Points using pupnp.
2012-01-25 09:54:14 -02:00
Fabrice Fontaine
80a65e5f61 Bug fix for IPv4-mapped IPv6 addresses.
Setting IPv6 sockets with IPV6_V6ONLY flag to avoid getting IP packets
with IPv4-mapped IPv6 addresses on IPv6 sockets.
2012-01-25 09:41:59 -02:00
Marcelo Roberto Jimenez
3b33626e2f Fix for return value of UpnpResolveURL and UpnpResolveURL2
SF Bug tracker, ID: 3469344
	Submitted: dimmman ( dimmman ) - 2012-01-04 01:44:29 PST
	Details: Looking at the code (v1.6.14, upnptools.c) for UpnpResolveURL
	and UpnpResolveURL2 it shows that the ExitFunction: always returns
	UPNP_E_SUCCESS.

	I'm farily sure it's a simple mistake that should have been "return ret;"
	in both cases.

	Br,
	Jonny
2012-01-09 08:58:03 -02:00
Marcelo Roberto Jimenez
b35761e893 Homekeeping for the next release. 2011-11-14 12:54:21 -02:00
Fabrice Fontaine
98e4f938d6 UPnP Low Power support
Adding two new functions (UpnpSendAdvertisementLowPower and
UpnpUnRegisterRootDeviceLowPower) which can be used to specify values
for the three SSDP headers defined by UPnP Low Power. Those headers are
Powerstate, SleepPeriod and RegistrationState.
2011-11-04 20:21:58 -02:00
Fabrice Fontaine
92c93a8010 Bug fix in IN6_IS_ADDR_GLOBAL.
Changing IN6_IS_ADDR_GLOBAL to accept all IPv6 addresses which have a
2000::/3 prefix.
2011-11-01 18:59:49 -02:00
Fabrice Fontaine
6c6fb3707f Bug Fix on M-SEARCH.
Do not answer to M-SEARCH using HTTP version 1.0 as specified by the
UPnP Device Architecture.
2011-07-20 06:10:07 -03:00
Iain Denniston
92ea719804 Fixes for compilation under Windows (specifically MSVC). Also added MSVC supported "_inline", and fixed some WIN32 specific warnings. 2011-04-02 23:47:00 -03:00
Iain Denniston
fed316ff3e Several fixes to correctly use SOCKET (and related) types instead of non-portable variations. 2011-04-02 23:38:53 -03:00
Marcelo Roberto Jimenez
8eb7d1c1a5 Homekeeping for the next release. 2011-03-17 09:27:55 -03:00
Fabrice Fontaine
0996d23318 Putting ssdpReqSocks under compilation flag.
Putting all access to ssdpReqSock4 and ssdpReqSock6 under
INCLUDE_CLIENT_APIS compilation flag to be able to compile when
client part of library is disable.
2011-03-15 18:22:30 -03:00
Fabrice Fontaine
11f9a2bafe New UpnpRegisterRootDevice4 for legacy CPs.
Add a new UpnpRegisterRootDevice4 which allow user to specify a
description URL to be returned for legacy CPs (for example, CPs
searching for a v1 when the device is v2). Most of those CPs does not
work if they found a v2 in the XML description, so this new function is
only used to solve interoperability issues.
2011-03-15 18:17:05 -03:00
Iain Denniston
8aca337de7 Fix for memory leak 2011-03-11 18:33:43 -03:00
Iain Denniston
a78a048577 Fix and Update of MSVC9 solution and project files 2011-03-11 18:07:49 -03:00
Iain Denniston
7338411c08 Partial fix for UpnpGetIfInfo with MSVC 2011-03-11 17:52:07 -03:00
Marcelo Roberto Jimenez
3a9ae348bc Created the macros PRIzd and PRIzx to deal with MSVC lack of C99.
Thanks to Iain Denniston for pointing it out.
2011-03-11 17:20:17 -03:00
Iain Denniston
840669b253 Fixes for headers when compiled under C++ 2011-03-11 16:07:51 -03:00
Marcelo Roberto Jimenez
e30e7bd586 Fix for uuid_unpack incorrect shift precedence. 2011-03-10 16:21:25 -03:00
Marcelo Roberto Jimenez
0d3412bb24 Homekeeping for the next release. 2011-02-08 21:48:46 -02:00
Marcelo Roberto Jimenez
bab22c694b Undo the "incorrectly exported include files".
Legacy applications like linux-igd and igd2-for-linux are using those
API to create a thread pool for managing their GENA events.

Leave it to be reworked in 1.8.x.
2011-02-08 21:37:13 -02:00
Marcelo Roberto Jimenez
74665acd57 Homekeeping for the next release. 2011-02-07 22:41:08 -02:00
Marcelo Roberto Jimenez
32e510b45a Remove PrintThreadPoolStats() from the public API.
This function uses a ThreadPool object as an argument, which is not
supposed to be exported. Also, debug compilation was broken.
2011-02-07 22:33:42 -02:00
Fabrice Fontaine
063d472f80 Major bug fix in IPv6 code.
Major bug fix in miniserver.c for IPv6, bug was introduced when
changing implementation of get_port in November 20th 2010 ("gena:fix
several compiler warnings" commit).
2011-02-07 21:27:41 -02:00
Marcelo Roberto Jimenez
0bbe9f62df Fix for incorrectly exported include files.
The files FreeList.h, LinkedList.h, ThreadPool.h and TimerThread.h
from the threautil library were being installed in the include
directory of the library, incorrectly exposing internal data structure
of the library.
2011-02-06 11:52:47 -02:00
Chandra Penke
6c125feea0 Fix for compilation errors
Fix for compilation warnings of unused variables in upnpdebug.c in
release builds.
2011-01-30 09:36:05 -02:00
Chandra Penke
c4e9757bcf Fix for Race condition can hang miniserver thread.
Add 'requiredThreads' field to the ThreadPool structure, to avoid
a race condition when waiting for a new thread to be created. The
race condition occurs when a thread is destroyed while the master
thread is waiting for a new thread to be created.

Thanks to Chuck Thomason for pointing the problem.

Summary: Race condition can hang miniserver thread - ID: 3158591

Details:
Hello,

I have found a race condition in the thread pool handling of
libupnp-1.6.6 that periodically results in the miniserver thread
getting blocked infinitely.

In my setup, I have the miniserver thread pool configured with 1
job per thread, 2 threads minimum, and 50 threads maximum.

Just before the lockup occurs, the miniserver thread pool contains
2 threads: one worker thread hanging around from a previous HTTP
request job (let's call that thread "old_worker") and the
miniserver thread itself.

A new HTTP request comes in. Accordingly, the miniserver enters
schedule_request_job() and then ThreadPoolAdd(). In
ThreadPoolAdd(), the job gets added to the medium-priority queue,
and AddWorker() is called. In AddWorker(), jobs = 1 and threads =
1, so CreateWorker gets called.

When we enter CreateWorker(), tp->totalThreads is 2, so
currentThreads is 3. The function creates a new thread and then
blocks on tp->start_and_shutdown. The miniserver thread expects
the newly created thread to increment tp->totalThreads and then
signal the condition variable to wake up the miniserver thread and
let it proceed.

The newly created thread starts in the WorkerThread() function. It
increments tp->totalThreads to 3, does a broadcast on the
start_and_shutdown condition, and starts running its job. However,
before the miniserver thread wakes up, "old_worker" times out. It
sees that there are no jobs in any queue and that the total number
of threads (3) is more than the minimum (2). As a result, it
reduces tp->totalThreads to 2 and dies.

Now the miniserver thread finally wakes up. It checks
tp->totalThreads and sees that its value is 2, so it blocks on
tp->start_and_shutdown again. It has now "missed" seeing
tp->totalThreads get incremented to 3 and will never be unblocked
again.

When this issue does occur for a server device, the miniserver
port remains open, but becomes unresponsive since the miniserver
thread is stuck. SSDP alive messages keep getting sent out, as
they are handled by a separate thread. Reproducing the issue is
difficult due to the timing coincidence involved, but in my
environment I am presently seeing it at least once a day. I
figured out the sequence described above through addition of my
own debug logs.

The relevant code involved in this bug has not changed
substantially in libupnp-1.6.10, though I am planning to test
against 1.6.10 as well in the near future.

Do you have any input for an elegant fix for this issue?

Thanks,

Chuck Thomason
2011-01-20 04:45:27 -02:00
Marcelo Roberto Jimenez
abfa841318 Define _FILE_OFFSET_BITS, _LARGEFILE_SOURCE and _LARGE_FILE_SOURCE in upnpconfig.h.
Make these definitions available to programs using the library.
Thanks to Chandra Penke for pointing the problem.
2011-01-16 22:38:18 -02:00
Marcelo Roberto Jimenez
541679d651 Use config.h to test for the availability of strndup() and strnlen(). 2011-01-16 21:05:07 -02:00
Chandra Penke
cb1188d2bc Fixes chunked transfer encoding in HTTP client API 2011-01-15 21:11:24 -02:00
Marcelo Roberto Jimenez
189ce59dbe Null termination of strndup() implementation on systems missing it.
Also, implementation of strnlen() on systems missing it.
2011-01-14 22:05:22 -02:00
Marcelo Roberto Jimenez
9051731a93 Minor change in membuffer.c to include "membuffer.h"
...without looking in the standard header path. This allows pupnp
to build in xcode.
2011-01-14 09:54:59 -02:00
Marcelo Roberto Jimenez
b2a88aa70b SF Tracker: Patches - Fedora mingw32 compilation - ID: 3138849
Details:
Hello. I trying compile libupnp-1.6.10 on the Fedora 14 MinGW
Environment and get many errors. I create patch to fix it. With this
patch i can get static library. This patch is very raw.

Submitted: Ivan Romanov (ivanromanov) - 2010-12-16 23:29:19 UTC
2010-12-18 19:29:24 -02:00
Marcelo Roberto Jimenez
3dd133a03c Homekeeping for the next release. 2010-12-11 16:42:20 -02:00
Fabrice Fontaine
2c3bce13bd Major bug fix in http_SendMessage.
Currently, http_SendMessage was not able to write to write a buffer
due to a bad use of file_buf instead of buf. This bug was introduced by
the 0197-Doxygen-reformating-compiler-warnings patch.
2010-11-24 08:21:41 -02:00
Fabrice Fontaine
bda942b22a Returning the SID in Upnp_Event_Subscribe.
Currently, Upnp_Event_Subscribe always contains an empty chain in the
Sid parameter. This patch now saves the client Subscription ID in this
parameter so Control Points can see and use the same SID in the
Upnp_Event_Subscribe and in the Upnp_Event structures.
2010-11-24 08:21:33 -02:00
Juergen Lock
ed0ebe1588 Two fixes from Juergen Lock <nox(at)jelal.kn-bremen.de>:
1. varargs:  pass size of CRLF as size_t not as int:

--- upnp/src/gena/gena_device.c.orig
+++ upnp/src/gena/gena_device.c
@@ -225,7 +225,7 @@ static UPNP_INLINE int notify_send_and_r
		"bbb",
		start_msg.buf, start_msg.length,
		propertySet, strlen(propertySet),
-		"\r\n", 2);
+		"\r\n", sizeof "\r\n" - 1);
	if (ret_code) {
		membuffer_destroy(&start_msg);
		sock_destroy(&info, SD_BOTH);

2. Remove "b" arg here, there is no buffer passed:  (this caused a pointer
to be interpreted as a buffer size to be alloc'd/copied, hence the 32 GB.)

--- upnp/src/genlib/net/http/webserver.c.orig
+++ upnp/src/genlib/net/http/webserver.c
@@ -1262,7 +1262,7 @@ static int process_request(
			// Content-Range: bytes 222-3333/4000  HTTP_PARTIAL_CONTENT
			// Transfer-Encoding: chunked
			if (http_MakeMessage(headers, resp_major, resp_minor,
-				"R" "TLD" "s" "tcS" "b" "Xc" "sCc",
+				"R" "TLD" "s" "tcS" "Xc" "sCc",
				HTTP_OK,    // status code
				finfo.content_type, // content type
				RespInstr,  // language info
2010-11-22 23:28:56 -02:00
Marcelo Roberto Jimenez
8651174861 Added the convenience function UpnpResolveURL2() to upnptools.c.
This function avoids some unecessary memory allocation.
The memory alloc'd by this function must be freed later by the caller.
2010-11-15 01:01:07 -02:00
Fabrice Fontaine
e6c548f57a Add GENA_NOTIFICATION_xxx_TIMEOUT variable.
Currently, in notify_send_and_recv function, pupnp waits for
HTTP_DEFAULT_TIMEOUT seconds when trying to send a GENA notification.
When there is a lot of notifications with CPs which was disconnected
without unsusbcribing, all the pupnp threads are blocked on this
timeout. To correct, this issue, this patch adds a new variable,
GENA_NOTIFICATION_SENDING_TIMEOUT, which can be used to lower the
timeout so GENA threads return quickly when writing is impossible. By
the same mean, pupnp waits the CP's answer to the NOTIFY for
HTTP_DEFAULT_TIMEOUT seconds, so this patch adds a new variable,
GENA_NOTIFICATION_ANSWERING_TIMEOUT, to customize this value.
2010-11-11 21:42:50 -02:00
Fabrice Fontaine
32cffb5bb5 Add --disable-blocking-tcp-connections flag.
Currently, pupnp is using a blocking connect to sends GENA
notifications. As a result, when there is a lot of notifications with
CPs which were disconnected without unsusbcribing, all the pupnp
threads are blocked for 20s (timeout). To correct this issue, this
patch replace the call to connect with a call to private_connect and add
a compilation flag to disable blocking TCP connections, so if we are not
able to connect to the CP, the notification is lost.
2010-11-11 21:40:22 -02:00
Marcelo Roberto Jimenez
d32212a6fd Changelog and THANKS update. 2010-11-07 19:20:03 -02:00
Marcelo Roberto Jimenez
ff006272b5 PTHREAD_MUTEX_RECURSIVE on DragonFly is an enum.
SF Bug Tracker - ID: 3104527
Submitted: OBATA Akio ( obache ) - 2010-11-07 07:10:28 BRST

In threadutil/inc/ithread.h, it is expected that
PTHREAD_MUTEX_RECURSIVE is defined as macro. But on DragonFly BSD,
it is defined as enum, so not works as expected.

Attachment patch treat that DragonFly BSD always
have PTHREAD_MUTEX_RECURSIVE.
2010-11-07 11:49:33 -02:00
Marcelo Roberto Jimenez
852c301c5c ftime(3) in -lcompat should not be checked.
SF Bug Tracker - ID: 3104521
Submitted: OBATA Akio ( obache ) - 2010-11-07 07:03:44 BRST

In configure.ac
AC_CHECK_FUNCS(ftime,, [AC_CHECK_LIB(compat, ftime)])

But since version 1.6.3, ftime(3) is not used, so it should be
removed, or introduce unwanted linkage with -lcompat.
2010-11-07 09:45:05 -02:00
Marcelo Roberto Jimenez
d270499cd8 Homekeeping for the next release. 2010-11-07 01:43:50 -02:00
Marcelo Roberto Jimenez
ef7edf6cf8 Fix for "SampleUtil_Initialize was called multiple times!" bug.
Fix for bug introduced in samples code in svn revision 502, commit
git:25c908c558c8e60eb386c155a6b93add447ffec0

Sample device and combo were aborting with the message:
"***** SampleUtil_Initialize was called multiple times!"
2010-11-06 00:45:24 -02:00
Fabrice Fontaine
c65ec8a720 Make multiple SSDP advertisements faster.
Put the loop to send multiple copies of each SSDP advertisements in
ssdp_server.c instead of ssdp_device.c so we have only one call to
imillisleep ( SSDP_PAUSE ) to speed up advertisements.
2010-11-05 23:52:17 -02:00
Fabrice Fontaine
2d22e997e1 Removing unused NUM_COPY variable.
Previously, NUM_COPY was used in ssdp_device.c to send multiple copies
of each advertisements but also multiple replies to each M-SEARCH
request. As sending multiple replies is not compliant with HTTPU/MU
spec, NUM_COPY has been set to 1 in an older patch. However, as this
variable is not needed and has been replaced with SSDP_COPY, it has
been removed.
2010-11-05 23:52:11 -02:00
Fabrice Fontaine
96dc968f18 Use SSDP_COPY to send multiple SSDP advertisements.
Currently, SSDP_COPY is used only to send multiple M-SEARCH requests (in
ssdp_ctrlpt.c). With this patch, SSDP_COPY is also used to send multiple
copies of each advertisements packets (in ssdp_device.c).
2010-11-05 13:25:40 -02:00
Carl Benson
8e846368e0 patch for taking notice of UPNP_USE_RWLOCK flag in threadutil
By "Carl Benson" <carl.benson@windriver.com>:

I had to do some modifications myself though, because the Android
build system insists on having a file named "util.h" taking precedence
in its include path, libupnp gets confused because of the same filename
in upnp/src/inc/util.h
2010-11-01 01:06:11 -02:00
Marcelo Roberto Jimenez
9be360bcd1 Homekeeping for the next release. 2010-10-20 11:15:23 -02:00
Marcelo Roberto Jimenez
bf1450bf81 Fix a long date memory leak in webserver.c:StrStr(). 2010-10-20 00:29:08 -02:00
Marcelo Roberto Jimenez
56b9c75056 Changelog fix. 2010-10-19 16:11:39 -02:00
Marcelo Roberto Jimenez
2bdc9e075e Bug fix in select of miniserver.c
Fix a bug in miniserver.c, in which maxMiniSock was wrongly declared as
unsigned int and as a result it was beeng set to ((unsigned int)(-1)).
As a result, after beeing incremented, it became zero, and this value
was beeing used in the select() call.

Thanks to Fabrice Fontaine for helping and testing with this issue.
2010-10-19 15:49:36 -02:00
Marcelo Roberto Jimenez
f74746ff3f Fix for 100% CPU issue in select() in miniserv.c. I have also removed
the sleep() call, it was just a workaround.

SF Bug Tracker [ 3086852 ] 99% CPU loop in miniserver.c on a non ipv6
system.

Submitted by: Jin ( jin_eld ) - 2010-10-13 19:29:13 UTC

I cross compiled libupnp 1.6.7 for ARM9 using the --disable-ipv6
option, my system is an ipv4 only setup.

I do not know why this problem only appears when running the app in the
background (for instance using nohup &), but then it starts using 99%
CPU.

I traced the problem down to the select() call in miniserver.c in the
RunMiniServer() function. Select returns code 1, but errno is set to
"Socket operation on non-socket", I also see this when running my app
under strace.

I set all ...Sock6 variables to INVALID_SOCKET to make sure that they
do not get added to the FD_SET and the problem is gone.
2010-10-15 12:41:36 -03:00
Marcelo Roberto Jimenez
3dab2bd00a Homekeeping for the next release. 2010-10-04 09:58:15 -03:00
Fabrice Fontaine
c73d870f46 Adding --disable-notification-reordering option
Adding a configure flag to disable GENA notification reordering as even
with an imillisleep(1), this mechanism consumes too much CPU on embedded
devices when there is a burst of notifications.
2010-10-02 13:44:52 -03:00
Fabrice Fontaine
ab54cb3dc5 Bug fix when there is no service in embedded devices
When a device with embedded devices (like IGD) when created and one of
the embedded devices did not have any service, there was a Segmentation
Fault (see SF Tracker [ 2688125 ]).
2010-09-30 11:51:06 -03:00
Fabrice Fontaine
c33b11d09f Bug fix on burst of GENA notification
When a lot of notifications were generated by a device in a short
period of time then 100% of the CPU was used to reorder those
notifications by pushing back the thread in the job queue. This
mechanism has been modified so now thread sleep 1 ms before being
pushed back into the job queue.

Removing DEFAULT_SCHED_PARAM parameter and use
sched_get_priority_min(DEFAULT_POLICY) instead.
2010-09-28 20:41:28 -03:00
Fabrice Fontaine
4966423d96 Bug fix on M-SEARCH response
Devices must respond to M-SEARCH requests for any supported version and the
response should specify the same version as was contained in the search target.
Previously, the device did not answer if the M-SEARCH request did not
contain the same version number than the version number of the device.
2010-09-22 15:34:45 -03:00
Fabrice Fontaine
d2238615e3 Add Content-Language iff Accept-Language
Add Content-Language header in the response if and only if there is an Accept-Language header in the request.
2010-09-21 13:50:29 -03:00
Fabrice Fontaine
2fcbe6df52 Addition of WEB_SERVER_CONTENT_LANGUAGE parameter
This patch adds the WEB_SERVER_CONTENT_LANGUAGE parameter so the user can specify
the language used by the device during Description and Presentation steps of UPnP
through the HTTP CONTENT-LANGUAGE header.
By default, the WEB_SERVER_CONTENT_LANGUAGE is an empty string so no
CONTENT-LANGUAGE is added.
2010-09-21 08:48:40 -03:00
Fabrice Fontaine
467f9987a1 Customize the stack size of the threads used by pupnp through the new THREAD_STACK_SIZE variable
This patch allows a user to customize the stack size of the threads used by
pupnp through the new THREAD_STACK_SIZE variable. This is especially useful
on embedded systems with limited memory where the user can set THREAD_STACK_SIZE
to ITHREAD_STACK_MIN.

However, as this modification can have side effects, I set 0 as the default
value, so threads will continue to use the default stack size of the system
(which varies greatly as stated in
https://computing.llnl.gov/tutorials/pthreads/).
2010-09-18 06:45:56 -03:00
Marcelo Roberto Jimenez
8fbecaee5e Another fix for Changelog. 2010-09-16 08:42:14 -03:00
Fabrice Fontaine
55d581481f Broken IPv6.
IPv6 is currently broken in latest release of branch-1.6.x, so find
a patch attached that correct the issue (small fixes on define,
undef and retVal).
2010-09-16 08:21:41 -03:00
Warwick Harvey
2b399b1791 Take notice of UPNP_USE_RWLOCK flag.
Updated threadutil to use mutexes instead of read-write locks if
UPNP_USE_RWLOCK is false (0).
2010-09-10 22:43:30 -03:00
Marcelo Roberto Jimenez
25a4bd6d25 2010-09-10 Jean Sigwald <jean.sigwald(at)orange-ftgroup.com>
I discovered a reliable denial-of-service issue on the last stable
release of libupnp (1.6.6) remotely triggerable by any
unauthenticated user. The issue is related with a bad parsing of
malformed XML.
2010-09-10 19:26:10 -03:00
Marcelo Roberto Jimenez
5755ac022f SF Patch Tracker [ 2854711 ] Patch for Solaris10 compilation and usage
Submitted By: zephyrus ( zephyrus00jp )

Patch for Solaris10 compilation and usage.
2010-09-10 19:02:31 -03:00