I discovered a reliable denial-of-service issue on the last stable
release of libupnp (1.6.6) remotely triggerable by any
unauthenticated user. The issue is related with a bad parsing of
malformed XML.
defines. These were just aliases, no reason to keep them.
* Changed the comments of the include files that expose the UPnP API
to use only C89 comments and no C99 comments.
git-svn-id: https://pupnp.svn.sourceforge.net/svnroot/pupnp/trunk@198 119443c7-1b9e-41f8-b6fc-b9c35fce742c
Thanks to David Maass.
* sizeof is unsigned, so %zu is more adequate than %zd.
* Using an invented printf directive PRIzu that on MSVC
expands to "lu", and on normal C99 compilers expands to "zu".
* Rewrote raw_find_str. Now it no longer uses strcasestr(), but it
transforms the first input buffer into lowercase.
git-svn-id: https://pupnp.svn.sourceforge.net/svnroot/pupnp/trunk@184 119443c7-1b9e-41f8-b6fc-b9c35fce742c
Submitted By:
Fredrik Svensson - svefredrik
This patch fixes a segmentation fault problem that occurrs when parsing
XML code than some routers produce.
git-svn-id: https://pupnp.svn.sourceforge.net/svnroot/pupnp/trunk@120 119443c7-1b9e-41f8-b6fc-b9c35fce742c
Submitted By:
Fredrik Svensson - svefredrik
A few modifications to the patch were made:
1) Do not introduce new CRLF's where there were none.
2) Applied the same original idea to two other palces in soap_ctrlpt.c.
git-svn-id: https://pupnp.svn.sourceforge.net/svnroot/pupnp/trunk@114 119443c7-1b9e-41f8-b6fc-b9c35fce742c
