Hi,
I've made some modification to the libupnp v1.6.5
I've add a timeout for each TCP connect.
It is very useful when an UPnP device stop working and do not accept
connection for an UPnP action.
Modifications are only located in
upnp/src/genlib/net/http/httpreadwrite.c
For every TCP connection, I set the socket to non-blocking, perform
connect,
check result and wait during a timeout if necessary, then reset the
socket to blocking.
Please see this patch in attached file.
I hope it helps.
Regards,
David Hoeung
Consultant Extia
Orange Labs R&D
----
(cherry picked from commit 67009170d1b3953161d9c4b948d54946123d2d92)
Updated threadutil to use mutexes instead of read-write locks if
UPNP_USE_RWLOCK is false (0).
(cherry picked from commit 2b399b17911372c90cca67e464109359a586f518)
I discovered a reliable denial-of-service issue on the last stable
release of libupnp (1.6.6) remotely triggerable by any
unauthenticated user. The issue is related with a bad parsing of
malformed XML.
(cherry picked from commit 25a4bd6d253cec60ee11d7a43491e1b1a6be5465)
This is a follow up from issue 6 in tracker id 3056713: calling UpnpSetMaxContentLength() by passing '0' disables the content length checking. This is useful for developing some prototype applications that deal with a lot of XML/SOAP data, and for debugging.
The corresponding c file change is already in the pupnp tree. Copy/pasting the relevant block of code here for clarity:
In upnp/src/genlib/net/http/httpreadwrite.c:
if (g_maxContentLength > 0 && parser->content_length > (unsigned int)g_maxContentLength) {
*http_error_code = HTTP_REQ_ENTITY_TOO_LARGE;
line = __LINE__;
ret = UPNP_E_OUTOF_BOUNDS;
goto ExitFunction;
}
This block of code checks only does the bounds check if g_maxContentLength > 0, and it's only place g_maxContentLength is checked.
Attached is a patch against the latest sources.
src/ssdp/ssdp_ctrlpt.c: In function ‘SearchByTarget’:
src/ssdp/ssdp_ctrlpt.c:634: warning: format ‘%s’ expects type ‘char *’, but argument 6 has type ‘int’
(cherry picked from commit 92b241b56023b141d65cc84135886e18584792bc)
Sending messages over UDP is broken in some Apple OSes
such as OS X and iOS. This might be broken in other OSes to but didn't
verify.
The fix is to modify the socket lenght argument of sendto to use the correct
sockaddr lenght dependng on whether the socket is IPV4 or IPV6.
Also added some error checks and debugging related to the issue
(cherry picked from commit 2b3ab1799bca2514b772a2f7475e18aebf1df1af)
crash. This happens when the file being downloaded exceeds the device
memory - entirely possible when transferring video files.
The programmatic cause is that the logic implemented in the function
http_ReadHttpGet (which UpnpReadHttpGet calls) reads the entire file
into memory. The fix modifies the existing logic to discard data after
it's been read; there's no reason to keep it around since the caller
of UpnpReadHttpGet already has a copy of it.
This issue exists in 1.6.6 as well as the latest sources.
Patch submitted by Chandra (inactiveneurons).
(cherry picked from commit 4657e577662aa5136d63ebbb35d419a895e28c7b)
use connect() are broken. More specifically, connect() in these methods
is returning with an EINVAL. The programatic cause is that the address_len
argument passed to connect() is different in IPV4 vs IPV6 (as described in:
http://www.opengroup.org/onlinepubs/009695399/functions/connect.html).
The current code always uses the IPV6 size. The fix modifies each use of
connect() to use the correct size based on the address family being used.
Patch submitted by Chandra (inactiveneurons).
(cherry picked from commit 21660334e420382625aa145eeaf6d60b38d328aa)
(the netinet/* headers are not available).
Patch submitted by Chandra (inactiveneurons).
(cherry picked from commit 934bd2682fe15612f593fb0128eae26dd53bfb82)
at the end of the notification ("\r\n") in notify_send_and_recv() in
upnp/src/gena/gena_device.c.
Patch by Fabrice Fontaine.
(cherry picked from commit ebc941f2652f95158b121f208f202a781dce2234)
* InitHandleList() has never been implemented, I guess no one has ever
called it, so remove it.
* GetFreeHandle() and FreeHandle() are now static as they should.
git-svn-id: https://pupnp.svn.sourceforge.net/svnroot/pupnp/trunk@567 119443c7-1b9e-41f8-b6fc-b9c35fce742c
* New internal buffer added to store global/ula IPV6 address.
* Macros to test whether an IPV6 address is global or ula.
* UpnpGetServerUlaGuaIp6Address(): added interface.
* IN6_IS_ADDR_GLOBAL, IN6_IS_ADDR_ULA: new macros.
* gIF_IPV6_ULA_GUA: new buffer.
* UpnpRegisterRootDevice3(): Change to the test of already registered
devices for IPV6.
* UpnpGetIfInfo(): gua/ula issues.
Patch submitted by Ronan Menard.
git-svn-id: https://pupnp.svn.sourceforge.net/svnroot/pupnp/trunk@565 119443c7-1b9e-41f8-b6fc-b9c35fce742c
Hello,
When my patch for tracker ID 3007407 was accepted, the definition of the
serviceList string was changed from
#define SERVICELIST_STR "serviceList"
to
static const char *SERVICELIST_STR = "serviceList";
During internal code review of the final patch, it was pointed out that
sizeof(SERVICELIST_STR) == 4 since SERVICELIST_STR is now declared as
a pointer instead of an array.
If you wish to use a variable instead of a define, I suggest the
following instead:
static const char SERVICELIST_STR[] = "serviceList";
Thanks,
Chuck Thomason
git-svn-id: https://pupnp.svn.sourceforge.net/svnroot/pupnp/trunk@556 119443c7-1b9e-41f8-b6fc-b9c35fce742c
