Commit Graph

760 Commits

Author SHA1 Message Date
Yoichi NAKAYAMA
9223094468 Handle overflow in http_SendMessage.
(cherry picked from commit d952ebfb44)
2012-03-11 12:09:46 -03:00
Yoichi NAKAYAMA
da1dec9ee5 Detect overflow in addrToString called from configure_urlbase.
Pass output buffer size to addrToString and detect overflow.
Handle addrToString error in configure_urlbase.
(cherry picked from commit 56b44fee91)
2012-03-11 12:09:46 -03:00
Yoichi NAKAYAMA
6ba4181fe6 Detect overflow in CreateClientRequestPacket(UlaGua).
Pass output buffer size to CreateClientRequestPacket(UlaGua)
from SearchByTarget and detect overflow.
Handle SearchByTarget error in UpnpSearchAsync.
(cherry picked from commit ff635f92c0)
2012-03-11 12:09:46 -03:00
Yoichi NAKAYAMA
1ed33f3c5b Clarify the last argument of GetDescDocumentAndURL has size LINE_SIZE.
(cherry picked from commit 19a23dafba)
2012-03-11 12:09:46 -03:00
Yoichi NAKAYAMA
4e20af9ee9 For inet_ntop, use buffer with size INET6_ADDRSTRLEN or INET_ADDRSTRLEN.
(cherry picked from commit bd7f83feb5)
2012-03-11 12:09:46 -03:00
Yoichi NAKAYAMA
37b0afe1dc Treat large argument as error in UpnpAddVirtualDir.
(cherry picked from commit e4678168fa)
2012-03-11 12:09:46 -03:00
Yoichi NAKAYAMA
17e1f6aa09 Do not clear buffer before snprintf.
It had no effect since snprintf can overwrite whole buffer.
(cherry picked from commit a0dc3482dc)
2012-03-11 12:09:45 -03:00
Yoichi NAKAYAMA
659182ef9b Add assertion and narrow variable scope in resolve_rel_url().
I've confirmed enough buffer is allocated for output.
(cherry picked from commit 87d1d3c3ec)
2012-03-11 12:09:45 -03:00
Yoichi NAKAYAMA
6ea4cc41ef Handle allocation error in strndup to avoid access violation.
Return NULL before calling strncpy.
Platforms with HAVE_STRNDUP are not affected.
(cherry picked from commit 194397b6d6)
2012-03-11 12:09:45 -03:00
Yoichi NAKAYAMA
2b3f5bbcee Fix buffer size for strncpy in UpnpAddVirtualDir()
Since 1st argument precedes the beginning of the buffer,
it is necessary to reduce the value of 3rd argument.
(cherry picked from commit b78eaf4e43)
2012-03-11 12:09:45 -03:00
Yoichi NAKAYAMA
acc8e372c8 Synchronize autoconfig.h with upnpconfig.h.
It fixes WIN32 build where configure is not invoked.
(cherry picked from commit a54d6e7e83)
2012-03-11 12:09:45 -03:00
Yoichi NAKAYAMA
97e1f19323 fix missing assignment in commit e722d8c375
(cherry picked from commit 18bf3b1c9c)
2012-03-11 12:09:45 -03:00
Fabrice Fontaine
77d42c2db1 More compilaton optimisation
Do not compile most of service_table.c and client_table.c if
--disable-gena is used.
Do not compile urlconfig.c if --disable-webserver is used.
Adding new UPNP_HAVE_xxx variables in upnpconfig.h and upnpconfig.h.in.

(forward port of commit bb140000c0)
2012-03-11 12:08:47 -03:00
Fabrice Fontaine
a12d5a6f7d Optimisation of --disable-webserver
Do not compile webserver.c if --disable-webserver is used.
(cherry picked from commit 7aef73d7eb)
2012-03-11 12:05:29 -03:00
Fabrice
2fc9200b85 Improve threadutil
Remove "dereference NULL return" errors and implicit conversions to
double or enum types.
(cherry picked from commit 77c73884b8)
2012-03-11 12:05:29 -03:00
Fabrice Fontaine
783ebbc0ca Optimisation of --disable-webserver
Do not compile miniserver.c if --disable-webserver is used.
(cherry picked from commit 72eecacf56)
2012-03-09 12:15:03 -03:00
Fabrice Fontaine
f27461c871 Adding configure options
Adding --disable-ssdp, --disable-soap, --disable-gena options to
configure script.
(cherry picked from commit 601332f88f)
2012-03-09 12:15:03 -03:00
Marcelo Roberto Jimenez
03ea4e85ab Merge remote branch 'origin/master' 2012-03-09 11:25:23 -03:00
Fabrice Fontaine
10ad771410 Bug fix of last commit
_snprintf was wrongly defined in ssdp_server.c
(cherry picked from commit e95b4cc53a)
2012-03-09 11:21:40 -03:00
Fabrice Fontaine
d19c0757dc SF Bug Tracker id 3499781 - msvc doesn't have snprintf
Submitted: Yoichi NAKAYAMA ( yoichi ) - 2012-03-08 10:18:39 PST

97a17ff5ad commit breaks build on
windows/msvc since there is no snprintf.

Note:
* Some existing sources use _snprintf when WIN32 is defined, but its
behavior is a bit different from C99 snprintf.
* snprintf does terminate the buffer, so the commit (use buffer size
minus 1 as argument) changes the behavior at the boundary.
* Truncation might be better than crash in some cases. But it may
result in not good.

(forward port of commit e722d8c375)
2012-03-09 11:21:40 -03:00
Raymond Wen
0ca7637033 fix bug: the project can't compile on windows with vs 2005
- define UPNP_USE_MSVCPP when necessary
- set release build's output directory to be consistent with debug build
- add missing ClientSubscription.c to libupnp project
- reference correct source files in sample project
2012-03-09 11:21:39 -03:00
Marcelo Roberto Jimenez
0097180ce4 Merge pull request #1 from rxwen/master
fix bug: upnp can't compile on windows vs 2005
2012-03-08 13:01:16 -08:00
Marcelo Roberto Jimenez
4bd3b6b969 SF Bug Tracker id 3499878 - UpnpUnSubscribeAsync(): ‘retVal’ may be used uninitialized
Submitted: Marcelo Roberto Jimenez ( mroberto ) - 2012-03-08 12:38:57 PST

src/api/upnpapi.c: In function ‘UpnpUnSubscribeAsync’:
src/api/upnpapi.c:2060:6: warning: ‘retVal’ may be used uninitialized in this function
(cherry picked from commit 29ee36b1ca)
2012-03-08 17:42:36 -03:00
Marcelo Roberto Jimenez
027ce49600 SF Bug Tracker id 3175217 - Crash bug in Parser_addNamespace()
Submitted: Terry Farnham ( tfarnham ) - 2011-02-07 09:25:25 PST

Details: The strcmp(pNode->prefix,pCur->prefix) crashes on pCur->prefix
being NULL. This occurs on invalidly formatted xml where a node uses an
undefined namespace. I would expect to receive IXML_FAILED in this
situation.
(cherry picked from commit 2fb791c9bb)
2012-03-08 13:52:04 -03:00
Marcelo Roberto Jimenez
5373ed560a White spaces and coding style
(cherry picked from commit d909297aa7)
2012-03-08 13:40:05 -03:00
Fabrice Fontaine
63cccfff08 Removing access to NULL pointers in node.c and element.c
Check that newNode is not NULL ixmlNode_cloneNodeTree and pass newAttr
as the return node in the ixmlElement_setAttributeNodeNS call of
ixmlElement_setAttributeNS.
(cherry picked from commit 9b616a08df)
2012-03-08 13:08:52 -03:00
Fabrice Fontaine
10805cb8cc Memory leaks correction in upnpapi.c
Fix memory leaks in UpnpUnSubscribe, SendActionExAsync and
RenewSubscription.
(cherry picked from commit 3ab8d536a0)
2012-03-08 13:08:52 -03:00
Fabrice Fontaine
bd41182cf3 SF Bug Tracker id 3496993 - Write after free in ixmlNode_insertBefore
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 04:54:40 PST

If ixmlNode_isParent(nodeptr, newChild) returns TRUE,
ixmlNode_removeChild(nodeptr, newChild, NULL) will free newChild before
the modifications of newChild->nextSibling and newChild->prevSibling.
(cherry picked from commit 4f34a12a83)
2012-03-08 13:08:52 -03:00
Fabrice Fontaine
0edaf3361d Remove most of strcpy, sprintf and strcat
Replace strcpy, sprintf and strcat by strncpy, snprintf and strncat to
avoid buffer overflows.

(forward port of commit 97a17ff5ad)
2012-03-08 13:08:52 -03:00
Fabrice Fontaine
beae2ea332 Check for NULL pointer in TemplateSource.h
calloc can return NULL so check for NULL pointer in CLASS##_new and
CLASS##_dup.
2012-03-08 17:55:19 +01:00
Fabrice Fontaine
666bc7392b Replace strcpy with strncpy in get_hoststr
Replace strcpy with strncpy to avoid buffer overflow.
2012-03-08 17:23:46 +01:00
Fabrice Fontaine
eb16f52b1a Memory leak fix in handle_query_variable
variable was never freed.
2012-03-08 14:30:33 +01:00
Raymond Wen
d0aa33efc4 fix bug: the project can't compile on windows with vs 2005
- define UPNP_USE_MSVCPP when necessary
- set release build's output directory to be consistent with debug build
- add missing ClientSubscription.c to libupnp project
- reference correct source files in sample project
2012-03-08 14:09:28 +08:00
zephyrus
d02c01fa6e SF Patches Tracker id 3498437 - a header patch: ixml.h 1.6.15
Submitted: zephyrus ( zephyrus00jp ) - 2012-03-07 02:31:14 PST

Details: a function is declared as
EXPORT_SPEC IXML_Document *ixmlDocument_createDocument();

This should read as follows in order to suppress strict prototype checking by GCC.
EXPORT_SPEC IXML_Document *ixmlDocument_createDocument(void);
(cherry picked from commit 9965f02727)
2012-03-07 17:18:15 -03:00
Marcelo Roberto Jimenez
178b28593a White spaces, coding style
(cherry picked from commit 861a538cea)
2012-03-07 16:24:25 -03:00
Marcelo Roberto Jimenez
715d4d6174 White spaces, coding style
(cherry picked from commit c12d33aca6)
2012-03-07 16:24:25 -03:00
Yoichi NAKAYAMA
4fd84cbee1 SF Bug Tracker id 3497714 - Buffer overflows
Fix compile error on WIN32.

Local variables must be declared first.
Remove outdated comment.

(forward port of commit 4c3532585d)
2012-03-07 16:23:17 -03:00
Yoichi NAKAYAMA
5a9dbdb84e Avoid access violation in assertion.
xmlParser->pCurElement was dereferenced before null check.
Affects debug build only.
(cherry picked from commit 71ab707e81)
2012-03-07 16:16:51 -03:00
Fabrice Fontaine
0b2a4e580e Remove SIZEOF_MISTACH error in notify_send_and_recv
Replace sizeof(CRLF) by strlen(CRLF) as CRLF is a const char*.
(cherry picked from commit cec9d55c4c)
2012-03-07 16:16:51 -03:00
Fabrice Fontaine
6f64448cae SF Bug Tracker id 3498442 - Memory leak in get_file_info
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-07 02:44:30 PST

info->contentType is not freed before being set to NULL.

(forward port of commit 56c26b5199)
2012-03-07 16:15:09 -03:00
Fabrice Fontaine
81f10bcffb SF Bug Tracker id 3498439 - Memory leak in removeServiceTable
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-07 02:35:46 PST

UDN is not freed.
(cherry picked from commit 0469388b73)
2012-03-07 16:03:13 -03:00
Fabrice Fontaine
a35724f7f8 SF Bug Tracker id 3498436 - Memory leak in Parser_processAttributeName
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-07 02:30:57 PST

attr is not freed if ixmlNode_setNodeProperties or
ixmlNode_setAttributeNode return an error in
Parser_processAttributeName.
(cherry picked from commit 268abf72fb)
2012-03-07 16:03:13 -03:00
Fabrice Fontaine
40e7dccf5e Fixing an error in d6db7c555d commit
Evt.Sid should not be cast into char* when calling sizeof otherwise
size will be 4.

(forward port of commit 288ef35cee)
2012-03-07 16:02:17 -03:00
Fabrice Fontaine
d4c20442fc Removing two unused variables in ssdp_server.c
Removing first TempPtr allocation in unique_service_name as well as one
of the dbgStr allocation in AdvertizeAndReply as those values were not
used.
(cherry picked from commit 7ef089b09a)
2012-03-06 20:31:49 -03:00
Fabrice Fontaine
d6db7c555d SF Bug Tracker id 3497714 - Buffer overflows
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-06 07:36:08 PST

Call to strcpy should be replaced by call to memset and strncpy to
avoid getting buffer overflows.
2012-03-06 20:31:49 -03:00
Fabrice Fontaine
908391ddf0 SF Bug Tracker id 3497159 - Bug fix in Parser_readFileOrBuffer
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 14:20:58 PST

fileSize = ftell( xmlFilePtr ); can return a negative value, in this
case the function should exit (at the moment, the function exits only
if ftell returns 0).
(cherry picked from commit a8bcbe9491)
2012-03-06 20:06:37 -03:00
Fabrice Fontaine
75fdad1108 SF Bug Tracker id 3497140 - Bug fix in http_get_code_text
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 13:07:03 PST

Replace if( statusCode < 100 && statusCode >= 600 ) which can't be true
by if( statusCode < 100 || statusCode >= 600 ).
(cherry picked from commit 1a1570fe0f)
2012-03-06 20:06:29 -03:00
Fabrice Fontaine
d4ff4ecc86 SF Bug Tracker id 3497126 - Resource leak in http_RecvPostMessage
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 12:33:59 PST

Fp is not closed when an error is raised on membuffer_append or
sock_read.
(cherry picked from commit 30badb44c7)
2012-03-06 20:06:22 -03:00
Nick Leverton
2b9e8a9b9b Update ChangeLog and configure.ac to make it easy to forward port later. 2012-03-06 20:02:59 -03:00
Yoichi NAKAYAMA
2c7658f98a SF Bug Tracker id 3325246 - Memory Leak in XML Parser
Submitted: Terry Farnham ( tfarnham ) - 2011-06-23 09:45:54 PDT

Details: The following bit of xml results in a memory leak from the xml
parser:

const char *xmlbuffer="<?xml version=\"1.0\" encoding=\"utf-8\"?>
<root xmlns=\"urn:schemas-upnp-org:device-1-0\" xmlns:dlna=\"urn:schemas-dlna-org:device-1-0\">
<dlna:X_DLNADOC xmlns:dlna=\"urn:schemas-dlna-org:device-1-0\">DMS-1.50</dlna:X_DLNADOC></root>";

When I execute the following code:

IXML_Document *doc = ixmlParseBuffer(xmlbuffer);
ixmlDocument_free(doc);

It results in a memory leak in ixmlparser.c line 2107 where it calls
safe_strdup( newElement->namespaceURI ); It's difficult to figure out why.
(cherry picked from commit d6f1e4112e)
2012-03-05 17:01:26 -03:00