280 Commits

Author SHA1 Message Date
Yoichi NAKAYAMA
a54d6e7e83 Synchronize autoconfig.h with upnpconfig.h.
It fixes WIN32 build where configure is not invoked.
2012-03-10 14:37:59 +09:00
Fabrice Fontaine
bb140000c0 More compilaton optimisation
Do not compile most of service_table.c and client_table.c if
--disable-gena is used.
Do not compile urlconfig.c if --disable-webserver is used.
Adding new UPNP_HAVE_xxx variables in upnpconfig.h and upnpconfig.h.in.
2012-03-10 00:33:17 +01:00
Fabrice Fontaine
7aef73d7eb Optimisation of --disable-webserver
Do not compile webserver.c if --disable-webserver is used.
2012-03-09 23:28:18 +01:00
Fabrice
77c73884b8 Improve threadutil
Remove "dereference NULL return" errors and implicit conversions to
double or enum types.
2012-03-09 22:49:19 +01:00
Fabrice Fontaine
72eecacf56 Optimisation of --disable-webserver
Do not compile miniserver.c if --disable-webserver is used.
2012-03-09 17:09:34 +01:00
Fabrice Fontaine
601332f88f Adding configure options
Adding --disable-ssdp, --disable-soap, --disable-gena options to
configure script.
2012-03-09 17:08:01 +01:00
Fabrice Fontaine
e95b4cc53a Bug fix of last commit
_snprintf was wrongly defined in ssdp_server.c
2012-03-09 16:13:43 +01:00
Fabrice Fontaine
e722d8c375 SF Bug Tracker id 3499781 - msvc doesn't have snprintf
Submitted: Yoichi NAKAYAMA ( yoichi ) - 2012-03-08 10:18:39 PST

97a17ff5add73c97844e2fa74456bab4df0800f1 commit breaks build on
windows/msvc since there is no snprintf.

Note:
* Some existing sources use _snprintf when WIN32 is defined, but its
behavior is a bit different from C99 snprintf.
* snprintf does terminate the buffer, so the commit (use buffer size
minus 1 as argument) changes the behavior at the boundary.
* Truncation might be better than crash in some cases. But it may
result in not good.
2012-03-09 15:02:49 +01:00
Marcelo Roberto Jimenez
29ee36b1ca SF Bug Tracker id 3499878 - UpnpUnSubscribeAsync(): ‘retVal’ may be used uninitialized
Submitted: Marcelo Roberto Jimenez ( mroberto ) - 2012-03-08 12:38:57 PST

src/api/upnpapi.c: In function ‘UpnpUnSubscribeAsync’:
src/api/upnpapi.c:2060:6: warning: ‘retVal’ may be used uninitialized in this function
2012-03-08 17:42:02 -03:00
Marcelo Roberto Jimenez
2fb791c9bb SF Bug Tracker id 3175217 - Crash bug in Parser_addNamespace()
Submitted: Terry Farnham ( tfarnham ) - 2011-02-07 09:25:25 PST

Details: The strcmp(pNode->prefix,pCur->prefix) crashes on pCur->prefix
being NULL. This occurs on invalidly formatted xml where a node uses an
undefined namespace. I would expect to receive IXML_FAILED in this
situation.
2012-03-08 13:51:29 -03:00
Fabrice Fontaine
9b616a08df Removing access to NULL pointers in node.c and element.c
Check that newNode is not NULL ixmlNode_cloneNodeTree and pass newAttr
as the return node in the ixmlElement_setAttributeNodeNS call of
ixmlElement_setAttributeNS.
2012-03-08 16:09:03 +01:00
Fabrice Fontaine
3ab8d536a0 Memory leaks correction in upnpapi.c
Fix memory leaks in UpnpUnSubscribe, SendActionExAsync and
RenewSubscription.
2012-03-08 15:40:23 +01:00
Fabrice Fontaine
4f34a12a83 SF Bug Tracker id 3496993 - Write after free in ixmlNode_insertBefore
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 04:54:40 PST

If ixmlNode_isParent(nodeptr, newChild) returns TRUE,
ixmlNode_removeChild(nodeptr, newChild, NULL) will free newChild before
the modifications of newChild->nextSibling and newChild->prevSibling.
2012-03-08 14:22:54 +01:00
Fabrice Fontaine
97a17ff5ad Remove most of strcpy, sprintf and strcat
Replace strcpy, sprintf and strcat by strncpy, snprintf and strncat to
avoid buffer overflows.
2012-03-08 14:07:27 +01:00
Yoichi NAKAYAMA
4c3532585d SF Bug Tracker id 3497714 - Buffer overflows
Fix compile error on WIN32.

Local variables must be declared first.
Remove outdated comment.
2012-03-08 01:37:03 +09:00
Yoichi NAKAYAMA
71ab707e81 Avoid access violation in assertion.
xmlParser->pCurElement was dereferenced before null check.
Affects debug build only.
2012-03-08 01:22:59 +09:00
Fabrice Fontaine
cec9d55c4c Remove SIZEOF_MISTACH error in notify_send_and_recv
Replace sizeof(CRLF) by strlen(CRLF) as CRLF is a const char*.
2012-03-07 14:30:37 +01:00
Fabrice Fontaine
56c26b5199 SF Bug Tracker id 3498442 - Memory leak in get_file_info
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-07 02:44:30 PST

info->contentType is not freed before being set to NULL.
2012-03-07 12:49:13 +01:00
Fabrice Fontaine
0469388b73 SF Bug Tracker id 3498439 - Memory leak in removeServiceTable
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-07 02:35:46 PST

UDN is not freed.
2012-03-07 12:41:21 +01:00
Fabrice Fontaine
268abf72fb SF Bug Tracker id 3498436 - Memory leak in Parser_processAttributeName
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-07 02:30:57 PST

attr is not freed if ixmlNode_setNodeProperties or
ixmlNode_setAttributeNode return an error in
Parser_processAttributeName.
2012-03-07 12:36:45 +01:00
Fabrice Fontaine
288ef35cee Fixing an error in d6db7c555d0f11856ce5e3e479b16a4cf4689107 commit
Evt.Sid should not be cast into char* when calling sizeof otherwise
size will be 4.
2012-03-07 10:26:42 +01:00
Fabrice Fontaine
7ef089b09a Removing two unused variables in ssdp_server.c
Removing first TempPtr allocation in unique_service_name as well as one
of the dbgStr allocation in AdvertizeAndReply as those values were not
used.
2012-03-06 18:36:48 +01:00
Fabrice Fontaine
c13b1f7e37 SF Bug Tracker id 3497714 - Buffer overflows
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-06 07:36:08 PST

Call to strcpy should be replaced by call to memset and strncpy to
avoid getting buffer overflows.
2012-03-06 17:41:47 +01:00
Fabrice Fontaine
3e7bf14488 Merge branch 'branch-1.6.x' of ssh://pupnp.git.sourceforge.net/gitroot/pupnp/pupnp into branch-1.6.x 2012-03-06 09:58:54 +01:00
Fabrice Fontaine
a8bcbe9491 SF Bug Tracker id 3497159 - Bug fix in Parser_readFileOrBuffer
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 14:20:58 PST

fileSize = ftell( xmlFilePtr ); can return a negative value, in this
case the function should exit (at the moment, the function exits only
if ftell returns 0).
2012-03-06 00:23:54 +01:00
Fabrice Fontaine
1a1570fe0f SF Bug Tracker id 3497140 - Bug fix in http_get_code_text
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 13:07:03 PST

Replace if( statusCode < 100 && statusCode >= 600 ) which can't be true
by if( statusCode < 100 || statusCode >= 600 ).
2012-03-06 00:14:45 +01:00
Fabrice Fontaine
30badb44c7 SF Bug Tracker id 3497126 - Resource leak in http_RecvPostMessage
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 12:33:59 PST

Fp is not closed when an error is raised on membuffer_append or
sock_read.
2012-03-05 22:35:54 +01:00
Nick Leverton
3504b13eae SF Bug Tracker id 2989399 - UpnpSetVirtualDirCallbacks API removal in 1.6.x
Submitted: Nick Leverton ( leveret ) - 2010-04-19 07:44:10 PDT

Details: The recent codebase merge has removed a significant API call
which is used by several pupnp devices such as mediatomb and gmediaserver.
UpnpSetVirtualDirCallbacks() has been replaced by individual routines to
set each callback. Essentially this means that 1.6.7 will in fact be a majo
bump and 1.6.6 devices can no longer link against it. Could we have the call
reinstated please, perhaps as a wrapper around the individual calls ? As
it is, all distros will have to patch their 1.6.x apps, rebuild and re-link them.

The other removed API calls and external variables don't seem to be used
by any of the apps I have copies of, but UpnpSetVirtualDirCallbacks is
important for maintaining compatibility within 1.6.x.
2012-03-05 18:21:49 -03:00
Yoichi NAKAYAMA
d6f1e4112e SF Bug Tracker id 3325246 - Memory Leak in XML Parser
Submitted: Terry Farnham ( tfarnham ) - 2011-06-23 09:45:54 PDT

Details: The following bit of xml results in a memory leak from the xml
parser:

const char *xmlbuffer="<?xml version=\"1.0\" encoding=\"utf-8\"?>
<root xmlns=\"urn:schemas-upnp-org:device-1-0\" xmlns:dlna=\"urn:schemas-dlna-org:device-1-0\">
<dlna:X_DLNADOC xmlns:dlna=\"urn:schemas-dlna-org:device-1-0\">DMS-1.50</dlna:X_DLNADOC></root>";

When I execute the following code:

IXML_Document *doc = ixmlParseBuffer(xmlbuffer);
ixmlDocument_free(doc);

It results in a memory leak in ixmlparser.c line 2107 where it calls
safe_strdup( newElement->namespaceURI ); It's difficult to figure out why.
2012-03-05 16:59:15 -03:00
Yoichi NAKAYAMA
e5887c9036 SF Bug Tracker id 3417134 - Crash seen in UpnpFinish
Submitted: Sunil ( sunilangadi ) - 2011-10-02 08:28:47 PDT

Details: I observed crash in the below mentioned log statement in
function upnpfinish(file: upnpapi.c).
UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__, "Exiting UpnpFinish:
	UpnpSdkInit is :%d:\n", UpnpSdkInit);

In particular it was crashing in ithread_self in
UpnpDisplayFileAndLine(file upnpdebug.c) on WIN32.

Moving the call ithread_cleanup_library() below the upnp printf call
mentioned above in function upnpfinish fixed the crash but I couldn't get
to the root of the problem.

The problem was observed on WIN32.
2012-03-05 15:05:20 -03:00
Fabrice Fontaine
eeab71082f SF Bug Tracker id 3497034 - Buffer not null terminated in UpnpGetIfInfo
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 06:43:52 PST

gIF_NAME might be not null terminated.
2012-03-05 17:43:26 +01:00
Fabrice Fontaine
f6e88d5b0a SF Bug Tracker id 3497033 - Buffer not null terminated in UpnpInit
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 06:42:18 PST

gIF_IPV4, gIF_IPV6 and gIF_IPV6_ULA_GUA might be not null terminated.
Moreover, gIF_IPV4 should be 16 characters (INET_ADDRSTRLEN) and not 22
and gIF_IPV6 should be 46 characters (INET6_ADDRSTRLEN) and not 65.
2012-03-05 17:36:41 +01:00
Fabrice Fontaine
add51536fc Bug fix of lastest commit (parse_hostport)
Missing parenthesis in memset.
2012-03-05 17:31:20 +01:00
Fabrice Fontaine
40864da7c1 SF Bug Tracker id 3497027 - Buffer not null terminated in parse_hostport
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 06:28:38 PST

workbuf might be not null terminated.
2012-03-05 17:13:08 +01:00
Fabrice Fontaine
5caaf3ad07 SF Bug Tracker id 3497009 - Resource leak in http_SendMessage
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 05:51:44 PST

Fp is not closed if fseeko(Fp, Instr->RangeOffset, SEEK_CUR) does not return 0.
2012-03-05 17:12:15 +01:00
Fabrice Fontaine
26c3f87eca HInfo->ServiceTable initialization in UpnpRegisterRootDevice2 and UpnpRegisterRootDevice4
Initialize also HInfo->ServiceTable in UpnpRegisterRootDevice2 and
UpnpRegisterRootDevice4 functions
2012-03-05 12:43:07 +01:00
Yoichi NAKAYAMA
20372ccef6 Initialize ServiceTable. 2012-03-05 12:36:29 +01:00
Yoichi NAKAYAMA
47c86542bc Add error handling. 2012-03-05 12:26:41 +01:00
Fabrice Fontaine
da244683cf SF Bug Tracker id 3496942 - Memory leak in config_description_doc
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:55:54 PST

element was not freed if membuffer_append_str(&url_str, "http://") does
not return 0. Moreover addNew was not used.
2012-03-05 11:58:54 +01:00
Fabrice Fontaine
7301f46269 SF Bug Tracker id 3496938 - Missing structures initialisation in some functions
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:31:16 PST

Memsetting to 0 some of the structures: finfo in process_request,
job in readFromSSDPSocket, request in http_OpenHttpGetEx, job in
genaNotifyThread, job in genaNotifyAllExt, job in genaNotifyAll,
job in genaInitNotifyExt, job in genaInitNotify, LocalAddr in
getlocalhostname.
2012-03-05 11:52:22 +01:00
Fabrice Fontaine
bd203e780e SF Bug Tracker id 3496934 - Memory leaks in getlocalhostname and UpnpGetIfInfo
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:25:42 PST

LocalSock is not closed if ioctl(LocalSock, SIOCGIFCONF, &ifConf);
returns an error.
2012-03-05 11:33:12 +01:00
Fabrice Fontaine
69f3fe2330 SF Bug Tracker id 3496933 - Out-of-bounds access in CheckOtherHTTPHeaders
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:15:34 PST

An out-of-bands access is raised because size of
RespInst->AcceptLanguageHeader is 200 and TmpBuf size is 180.
2012-03-05 11:20:07 +01:00
Fabrice Fontaine
52df3081df Remove unused currentDevice variable in removeServiceTable
currentDevice is not used in this function.
2012-03-05 11:12:37 +01:00
Fabrice Fontaine
71e77a5b27 SF Bug Tracker id 3496581 - Memory leak in getServiceList
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-03 08:43:23 PST

serviceNodeList is not freed if
current->next = malloc(sizeof(service_info)); returns NULL.
2012-03-05 10:59:20 +01:00
Fabrice Fontaine
a79a149e6a SF Bug Tracker id 3495616 - Memory leak in ixmlElement_setAttributeNS
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-02-29 02:09:43 PST

newAttrNode is not freed if newAttr->n.nodeValue = strdup(value); returns
NULL or if ixmlElement_setAttributeNodeNS(element, newAttr, NULL) does
not return IXML_SUCCESS.
2012-03-01 14:04:26 +01:00
Fabrice Fontaine
0693adc7dc SF Bug Tracker id 3495286 - Double free in get_action_node
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-02-28 04:27:54 PST

ixmlFreeDOMString(ActNodeName); is called twice if
ixmlParseBufferEx(ActNodeName, RespNode); does not return IXML_SUCCESS.
2012-03-01 14:02:34 +01:00
Fabrice Fontaine
076f8e5be6 SF Bug Tracker id 3495280 - Memory leak in ixmlDocument_createElementEx
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-02-28 04:01:02 PST

There is a memory leak in ixmlDocument_createElementEx:
newElement->tagName is not freed if
newElement->n.nodeName = strdup(tagName); returns NULL.
2012-03-01 10:47:10 +01:00
Fabrice Fontaine
60f9df425b SF Bug Tracker id 3494865 - Use of non-initialized variable in parser_parse_requestline
Submitted: Marcelo Roberto jimenez ( mroberto ) - 2012-02-26 16:50:23 PST

src/genlib/net/http/httpparser.c: In function ‘parser_parse_requestline’:
src/genlib/net/http/httpparser.c:1319:28: warning: ‘index’ may be used uninitialized in this function
(cherry picked from commit 9125d82010f6c7e15b0e6b8664e5c0734e569406)
2012-02-29 15:15:28 -03:00
Marcelo Roberto Jimenez
795de3e077 SF Bug Tracker id 3489999 - UpnpString leaks in genaSubscribe()
Submitted: Yoichi NAKAYAMA ( yoichi ) - 2012-02-21 07:06:35 PST

In genaSubscribe() (defined in upnp/src/gena/gena_ctrlpt.c),
ActualSID and EventURL will not be freed if ScheduleGenaAutoRenew
returns UPNP_E_SUCCESS.

This fixes the an issue introduced by the previous fix.
2012-02-26 21:36:24 -03:00
Yoichi NAKAYAMA
a567576100 Remove files missing in branch-1.6.x. 2012-02-26 01:36:59 -03:00