262 Commits

Author SHA1 Message Date
Fabrice Fontaine
1dbcdaef98 SF Bug Tracker id 3496938 - Missing structures initialisation in some functions
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:31:16 PST

Memsetting to 0 some of the structures: finfo in process_request,
job in readFromSSDPSocket, request in http_OpenHttpGetEx, job in
genaNotifyThread, job in genaNotifyAllExt, job in genaNotifyAll,
job in genaInitNotifyExt, job in genaInitNotify, LocalAddr in
getlocalhostname.
(cherry picked from commit 7301f462690b7c62ed62c94650d95bda1064ecec)
2012-03-05 10:33:30 -03:00
Fabrice Fontaine
f25c62e65c SF Bug Tracker id 3496934 - Memory leaks in getlocalhostname and UpnpGetIfInfo
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:25:42 PST

LocalSock is not closed if ioctl(LocalSock, SIOCGIFCONF, &ifConf);
returns an error.
(cherry picked from commit bd203e780e10700b9ef7d941b5023c5f558e445d)
2012-03-05 10:33:30 -03:00
Fabrice Fontaine
078b4cf2c6 SF Bug Tracker id 3496933 - Out-of-bounds access in CheckOtherHTTPHeaders
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:15:34 PST

An out-of-bands access is raised because size of
RespInst->AcceptLanguageHeader is 200 and TmpBuf size is 180.
(cherry picked from commit 69f3fe2330877f05311d6d37eb7f6537e3c2172f)
2012-03-05 10:33:30 -03:00
Fabrice Fontaine
0eb4101492 Remove unused currentDevice variable in removeServiceTable
currentDevice is not used in this function.
(cherry picked from commit 52df3081dfdd684a2deaa1f5eec8f86292496cd6)
2012-03-05 10:33:30 -03:00
Fabrice Fontaine
1480623410 SF Bug Tracker id 3496581 - Memory leak in getServiceList
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-03 08:43:23 PST

serviceNodeList is not freed if
current->next = malloc(sizeof(service_info)); returns NULL.
(cherry picked from commit 71e77a5b27205f50bbe9534663b83147303668a0)
2012-03-05 10:33:30 -03:00
Fabrice Fontaine
b4cc5df288 SF Bug Tracker id 3495616 - Memory leak in ixmlElement_setAttributeNS
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-02-29 02:09:43 PST

newAttrNode is not freed if newAttr->n.nodeValue = strdup(value); returns
NULL or if ixmlElement_setAttributeNodeNS(element, newAttr, NULL) does
not return IXML_SUCCESS.
(cherry picked from commit a79a149e6a77946701ab32a54eb95f734461ee24)
2012-03-05 10:33:30 -03:00
Fabrice Fontaine
89c174cc71 SF Bug Tracker id 3495286 - Double free in get_action_node
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-02-28 04:27:54 PST

ixmlFreeDOMString(ActNodeName); is called twice if
ixmlParseBufferEx(ActNodeName, RespNode); does not return IXML_SUCCESS.
(cherry picked from commit 0693adc7dc978c6802d62b4368b0e87b6dfd2d6f)
2012-03-05 10:33:30 -03:00
Fabrice Fontaine
b441c6f4a8 SF Bug Tracker id 3495280 - Memory leak in ixmlDocument_createElementEx
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-02-28 04:01:02 PST

There is a memory leak in ixmlDocument_createElementEx:
newElement->tagName is not freed if
newElement->n.nodeName = strdup(tagName); returns NULL.
(cherry picked from commit 076f8e5be6e2813883f2573e3001047a6614799f)
2012-03-05 10:33:30 -03:00
Fabrice Fontaine
9125d82010 SF Bug Tracker id 3494865 - Use of non-initialized variable in parser_parse_requestline
Submitted: Marcelo Roberto jimenez ( mroberto ) - 2012-02-26 16:50:23 PST

src/genlib/net/http/httpparser.c: In function ‘parser_parse_requestline’:
src/genlib/net/http/httpparser.c:1319:28: warning: ‘index’ may be used uninitialized in this function
2012-02-29 15:44:18 +01:00
Marcelo Roberto Jimenez
81da3d004a SF Bug Tracker id 3489999 - UpnpString leaks in genaSubscribe()
Submitted: Yoichi NAKAYAMA ( yoichi ) - 2012-02-21 07:06:35 PST

In genaSubscribe() (defined in upnp/src/gena/gena_ctrlpt.c),
ActualSID and EventURL will not be freed if ScheduleGenaAutoRenew
returns UPNP_E_SUCCESS.

This fixes the an issue introduced by the previous fix.
2012-02-26 21:45:01 -03:00
Marcelo Roberto Jimenez
76c7fc26eb SF Bug Tracker id 3489999 - UpnpString leaks in genaSubscribe()
Submitted: Yoichi NAKAYAMA ( yoichi ) - 2012-02-21 07:06:35 PST

In genaSubscribe() (defined in upnp/src/gena/gena_ctrlpt.c),
ActualSID and EventURL will not be freed if ScheduleGenaAutoRenew
returns UPNP_E_SUCCESS.

This fixes the original issue.
(cherry picked from commit bc473d5e68c0d7248c4fffae0579f229357d04cf)

Conflicts:

	upnp/src/gena/gena_ctrlpt.c
2012-02-26 01:19:47 -03:00
Marcelo Roberto Jimenez
c222fd9a01 Merge branch 'chandra' into master
Conflicts:
	upnp/src/api/upnpapi.c
	upnp/src/genlib/net/http/httpreadwrite.c
	upnp/src/genlib/net/sock.c
2012-02-25 23:46:35 -03:00
Chandra Penke
20b3fe3c48 My squashed commits 2012-02-25 23:38:22 -02:00
Chandra Penke
8eec345e49 Refactor HTTP Client API 2012-02-25 23:38:21 -02:00
Marcelo Roberto Jimenez
7641dab89e SF Bug Tracker: UpnpString leaks in genaSubscribe()
In genaSubscribe() (defined in upnp/src/gena/gena_ctrlpt.c),
ActualSID and EventURL will not be freed.
(cherry picked from commit 2940cbf94a81bdfebb2e6a61a4d2a5488050748a)
2012-02-23 16:31:42 -02:00
Marcelo Roberto Jimenez
cf0f53bb63 SF Bug Tracker: http lib only accepts HTTP/1.1 - ID:3485745
Submitted by Berend Dekens ( Berend Dekens ) - 2012-02-08 06:24:31 PST

In httpparser.c on line 1385 it says that HTTP 1.0 replies are blocked
because the UPnP verfication tool requires this.

I looked in the specs and as far as I can find, one should only be
carefull to send chunked communication to hosts supporting HTTP 1.1.
There is no requirement to support only HTTP 1.1.

The XBMC media server uses the Platinum UPnP library which replies
using HTTP/1.0 messages. As it is now, libupnp returns an error while
trying to parse the response while the response itself is completely
valid.

Is there a requirement in the UPnP 1.0 spec that I missed or is this
restriction self-imposed? And can it be lifted?

-------------------------------------------------------------------

Comment by Fabrice Fontaine:

Hide
Hi,

You're right, this modification should be removed. This version checking
was wrongly added in parser_parse_responseline function.

...
(cherry picked from commit d87c966ec5f17d5fbef1b409f426c0d70cd6231f)
2012-02-23 15:31:30 -02:00
Edwin Stearns
2bb8c35ce1 Be nice to a server that returns its URL without a trailing slash
Attached is a patch that resolved an issue I found with a server that
gave its device description URI without a trailing slash (e.g.
`http://127.0.0.1:5555`).
(cherry picked from commit a9c24fc7f327adefc5708e4565d15d65c49224ab)
2012-02-18 11:42:30 -02:00
Fabrice Fontaine
5248fe05ac Bug fix for IPv4-mapped IPv6 addresses.
Setting IPv6 sockets with IPV6_V6ONLY flag to avoid getting IP packets
with IPv4-mapped IPv6 addresses on IPv6 sockets.
2012-02-18 11:41:54 -02:00
Marcelo Roberto Jimenez
c27d685b24 Homekeeping to match the stable branch release. 2012-01-25 10:46:41 -02:00
Marcelo Roberto Jimenez
b395c4a047 Fixes Changelog merge problem. 2012-01-25 10:45:35 -02:00
Fabrice Fontaine
c7b340833f Bug fix on M-SEARCH for IPv6 CPs.
Small bug fix on IPv6 Control Point: now CP will also send M-SEARCH on
site-scope address (FF05::C) instead of only sending M-SEARCH on
link-scope (FF02::C).
2012-01-25 10:15:12 -02:00
Fabrice Fontaine
1d753a56f6 Bug fix for IPv4-mapped IPv6 addresses.
Setting IPv6 sockets with IPV6_V6ONLY flag to avoid getting IP packets
with IPv4-mapped IPv6 addresses on IPv6 sockets.
(cherry picked from commit 80a65e5f61bc16d4a27c3f82774e2039a391794f)
2012-01-25 09:59:17 -02:00
Marcelo Roberto Jimenez
ea7610ca3c Fix for return value of UpnpResolveURL and UpnpResolveURL2
SF Bug tracker, ID: 3469344
	Submitted: dimmman ( dimmman ) - 2012-01-04 01:44:29 PST
	Details: Looking at the code (v1.6.14, upnptools.c) for UpnpResolveURL
	and UpnpResolveURL2 it shows that the ExitFunction: always returns
	UPNP_E_SUCCESS.

	I'm farily sure it's a simple mistake that should have been "return ret;"
	in both cases.

	Br,
	Jonny
(cherry picked from commit 3b33626e2f34f73beb78fbe899abb05a47dec494)
2012-01-09 09:00:56 -02:00
Marcelo Roberto Jimenez
96112229a5 Homekeeping to match the stable branch release. 2011-11-14 13:05:51 -02:00
Fabrice Fontaine
4b82bb7baf UPnP Low Power support
Adding two new functions (UpnpSendAdvertisementLowPower and
UpnpUnRegisterRootDeviceLowPower) which can be used to specify values
for the three SSDP headers defined by UPnP Low Power. Those headers are
Powerstate, SleepPeriod and RegistrationState.
(cherry picked from commit 98e4f938d63226bcb623dd7d9cd1855482318534)
2011-11-04 20:34:00 -02:00
Fabrice Fontaine
c86d963abe Bug fix in IN6_IS_ADDR_GLOBAL.
Changing IN6_IS_ADDR_GLOBAL to accept all IPv6 addresses which have a
2000::/3 prefix.
(cherry picked from commit 92c93a8010a70bc9b8d62db88648b5ed6de7794b)
2011-11-01 19:02:15 -02:00
Fabrice Fontaine
5cf603dcab Bug Fix on M-SEARCH.
Do not answer to M-SEARCH using HTTP version 1.0 as specified by the
UPnP Device Architecture.
(cherry picked from commit 6c6fb3707f809b7bf7373b2fbe496913255f6227)
2011-07-20 06:24:21 -03:00
Iain Denniston
259bed7787 Fixes for compilation under Windows (specifically MSVC). Also added MSVC supported "_inline", and fixed some WIN32 specific warnings.
(cherry picked from commit 92ea7198042c9946f0e106f34ebfd27da1e75f93)
2011-04-02 23:50:36 -03:00
Iain Denniston
7392697aec Several fixes to correctly use SOCKET (and related) types instead of non-portable variations.
(cherry picked from commit fed316ff3e5aeca34f825a60796a1eac05b8e43a)
2011-04-02 23:50:25 -03:00
Marcelo Roberto Jimenez
f8831d0196 Homekeeping for the stable branch release. 2011-03-17 09:40:28 -03:00
Fabrice Fontaine
babfc0ac60 Putting ssdpReqSocks under compilation flag.
Putting all access to ssdpReqSock4 and ssdpReqSock6 under
INCLUDE_CLIENT_APIS compilation flag to be able to compile when
client part of library is disable.
(cherry picked from commit 0996d23318e4249f37f4fb8640f563fd4dcbcd29)
2011-03-15 18:58:51 -03:00
Fabrice Fontaine
daec6a0321 New UpnpRegisterRootDevice4 for legacy CPs.
Add a new UpnpRegisterRootDevice4 which allow user to specify a
description URL to be returned for legacy CPs (for example, CPs
searching for a v1 when the device is v2). Most of those CPs does not
work if they found a v2 in the XML description, so this new function is
only used to solve interoperability issues.
(cherry picked from commit 11f9a2bafe15f7ebb38342f26fb91258390a64ef)
2011-03-15 18:19:59 -03:00
Iain Denniston
bbe6d49b46 Fix for memory leak
(cherry picked from commit 8aca337de780b0ed2f90a97df20c84f9b2335c39)
2011-03-11 18:35:30 -03:00
Iain Denniston
d691732554 Fix and Update of MSVC9 solution and project files
(cherry picked from commit a78a048577d048aac2003cfd72e658f99d5a30b7)
2011-03-11 18:08:11 -03:00
Iain Denniston
fed2e4f8e5 Partial fix for UpnpGetIfInfo with MSVC
(cherry picked from commit 7338411c08a571330efab12241016e1bcf95a0aa)
2011-03-11 17:59:39 -03:00
Marcelo Roberto Jimenez
a3683a3be0 Created the macros PRIzd and PRIzx to deal with MSVC lack of C99.
Thanks to Iain Denniston for pointing it out.
(cherry picked from commit 3a9ae348bcce79ee87633d0e302eae8d4719d587)
2011-03-11 17:21:18 -03:00
Iain Denniston
a1d7727903 Fixes for headers when compiled under C++
(cherry picked from commit 840669b2536099023ceb56b76fd9e67e77f17e9c)
2011-03-11 16:11:19 -03:00
Marcelo Roberto Jimenez
1df5609d52 Fix for uuid_unpack incorrect shift precedence. 2011-03-10 16:26:11 -03:00
Marcelo Roberto Jimenez
5a8aec58aa Changelog update. 2011-02-08 21:55:13 -02:00
Marcelo Roberto Jimenez
b6baca8eb0 Remove PrintThreadPoolStats() from the public API.
This function uses a ThreadPool object as an argument, which is not
supposed to be exported. Also, debug compilation was broken.
(cherry picked from commit 32e510b45abfc99a9c9c6c7addbc21769244ffdb)
2011-02-07 22:43:40 -02:00
Fabrice Fontaine
28f4d398d8 Major bug fix in IPv6 code.
Major bug fix in miniserver.c for IPv6, bug was introduced when
changing implementation of get_port in November 20th 2010 ("gena:fix
several compiler warnings" commit).
(cherry picked from commit 063d472f8013f85b73fe4a638e5bcd3f17d4b037)
2011-02-07 21:28:08 -02:00
Marcelo Roberto Jimenez
ee9f83c3d5 Fix for incorrectly exported include files.
The files FreeList.h, LinkedList.h, ThreadPool.h and TimerThread.h
from the threautil library were being installed in the include
directory of the library, incorrectly exposing internal data structure
of the library.
(cherry picked from commit 0bbe9f62dff09d718882195a9688aad3340944ab)
2011-02-06 11:55:04 -02:00
Chandra Penke
40239ca44a Fix for compilation errors
Fix for compilation warnings of unused variables in upnpdebug.c in
release builds.
(cherry picked from commit 6c125feea094389ff528a50310e49cd686866c25)
2011-01-30 09:43:00 -02:00
Chandra Penke
a2eca3b19d Fix for Race condition can hang miniserver thread.
Add 'requiredThreads' field to the ThreadPool structure, to avoid
a race condition when waiting for a new thread to be created. The
race condition occurs when a thread is destroyed while the master
thread is waiting for a new thread to be created.

Thanks to Chuck Thomason for pointing the problem.

Summary: Race condition can hang miniserver thread - ID: 3158591

Details:
Hello,

I have found a race condition in the thread pool handling of
libupnp-1.6.6 that periodically results in the miniserver thread
getting blocked infinitely.

In my setup, I have the miniserver thread pool configured with 1
job per thread, 2 threads minimum, and 50 threads maximum.

Just before the lockup occurs, the miniserver thread pool contains
2 threads: one worker thread hanging around from a previous HTTP
request job (let's call that thread "old_worker") and the
miniserver thread itself.

A new HTTP request comes in. Accordingly, the miniserver enters
schedule_request_job() and then ThreadPoolAdd(). In
ThreadPoolAdd(), the job gets added to the medium-priority queue,
and AddWorker() is called. In AddWorker(), jobs = 1 and threads =
1, so CreateWorker gets called.

When we enter CreateWorker(), tp->totalThreads is 2, so
currentThreads is 3. The function creates a new thread and then
blocks on tp->start_and_shutdown. The miniserver thread expects
the newly created thread to increment tp->totalThreads and then
signal the condition variable to wake up the miniserver thread and
let it proceed.

The newly created thread starts in the WorkerThread() function. It
increments tp->totalThreads to 3, does a broadcast on the
start_and_shutdown condition, and starts running its job. However,
before the miniserver thread wakes up, "old_worker" times out. It
sees that there are no jobs in any queue and that the total number
of threads (3) is more than the minimum (2). As a result, it
reduces tp->totalThreads to 2 and dies.

Now the miniserver thread finally wakes up. It checks
tp->totalThreads and sees that its value is 2, so it blocks on
tp->start_and_shutdown again. It has now "missed" seeing
tp->totalThreads get incremented to 3 and will never be unblocked
again.

When this issue does occur for a server device, the miniserver
port remains open, but becomes unresponsive since the miniserver
thread is stuck. SSDP alive messages keep getting sent out, as
they are handled by a separate thread. Reproducing the issue is
difficult due to the timing coincidence involved, but in my
environment I am presently seeing it at least once a day. I
figured out the sequence described above through addition of my
own debug logs.

The relevant code involved in this bug has not changed
substantially in libupnp-1.6.10, though I am planning to test
against 1.6.10 as well in the near future.

Do you have any input for an elegant fix for this issue?

Thanks,

Chuck Thomason
(cherry picked from commit c4e9757bcf26c48791cc9c4e4f6a355e1faf49e5)
2011-01-20 04:46:57 -02:00
Chandra Penke
1a574ed6cf Fix for large file definitions, FileInfo.h must include upnpconfig.h 2011-01-17 08:55:57 -02:00
Marcelo Roberto Jimenez
7dae12f17d Fix some ChangeLog dates. 2011-01-17 08:40:00 -02:00
Chandra Penke
bf30519f6c Fix for warnings in Apple systems 2011-01-17 08:18:32 -02:00
Marcelo Roberto Jimenez
bdb3f880b7 Define _FILE_OFFSET_BITS, _LARGEFILE_SOURCE and _LARGE_FILE_SOURCE in upnpconfig.h.
Make these definitions available to programs using the library.
Thanks to Chandra Penke for pointing the problem.
(cherry picked from commit abfa84131803ee0a65bc0382f86cca9065b6e76e)
2011-01-16 22:39:37 -02:00
Marcelo Roberto Jimenez
348bf19412 Use config.h to test for the availability of strndup() and strnlen().
(cherry picked from commit 541679d6513ce0c4fc257b2b6f6708e5819c84eb)
2011-01-16 21:06:00 -02:00
Marcelo Roberto Jimenez
60c9e95637 Fix for UpnpFileInfo_get_LastModified() in http_MakeMessage().
UpnpFileInfo_get_LastModified() returns time_t, and http_MakeMessage()
takes a "time_t *". Thanks to Chandra Penke for pointing the bug.
2011-01-16 15:09:01 -02:00