312 Commits

Author SHA1 Message Date
Fabrice Fontaine
c13b1f7e37 SF Bug Tracker id 3497714 - Buffer overflows
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-06 07:36:08 PST

Call to strcpy should be replaced by call to memset and strncpy to
avoid getting buffer overflows.
2012-03-06 17:41:47 +01:00
Fabrice Fontaine
3e7bf14488 Merge branch 'branch-1.6.x' of ssh://pupnp.git.sourceforge.net/gitroot/pupnp/pupnp into branch-1.6.x 2012-03-06 09:58:54 +01:00
Fabrice Fontaine
1a1570fe0f SF Bug Tracker id 3497140 - Bug fix in http_get_code_text
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 13:07:03 PST

Replace if( statusCode < 100 && statusCode >= 600 ) which can't be true
by if( statusCode < 100 || statusCode >= 600 ).
2012-03-06 00:14:45 +01:00
Fabrice Fontaine
30badb44c7 SF Bug Tracker id 3497126 - Resource leak in http_RecvPostMessage
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 12:33:59 PST

Fp is not closed when an error is raised on membuffer_append or
sock_read.
2012-03-05 22:35:54 +01:00
Nick Leverton
3504b13eae SF Bug Tracker id 2989399 - UpnpSetVirtualDirCallbacks API removal in 1.6.x
Submitted: Nick Leverton ( leveret ) - 2010-04-19 07:44:10 PDT

Details: The recent codebase merge has removed a significant API call
which is used by several pupnp devices such as mediatomb and gmediaserver.
UpnpSetVirtualDirCallbacks() has been replaced by individual routines to
set each callback. Essentially this means that 1.6.7 will in fact be a majo
bump and 1.6.6 devices can no longer link against it. Could we have the call
reinstated please, perhaps as a wrapper around the individual calls ? As
it is, all distros will have to patch their 1.6.x apps, rebuild and re-link them.

The other removed API calls and external variables don't seem to be used
by any of the apps I have copies of, but UpnpSetVirtualDirCallbacks is
important for maintaining compatibility within 1.6.x.
2012-03-05 18:21:49 -03:00
Yoichi NAKAYAMA
e5887c9036 SF Bug Tracker id 3417134 - Crash seen in UpnpFinish
Submitted: Sunil ( sunilangadi ) - 2011-10-02 08:28:47 PDT

Details: I observed crash in the below mentioned log statement in
function upnpfinish(file: upnpapi.c).
UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__, "Exiting UpnpFinish:
	UpnpSdkInit is :%d:\n", UpnpSdkInit);

In particular it was crashing in ithread_self in
UpnpDisplayFileAndLine(file upnpdebug.c) on WIN32.

Moving the call ithread_cleanup_library() below the upnp printf call
mentioned above in function upnpfinish fixed the crash but I couldn't get
to the root of the problem.

The problem was observed on WIN32.
2012-03-05 15:05:20 -03:00
Fabrice Fontaine
eeab71082f SF Bug Tracker id 3497034 - Buffer not null terminated in UpnpGetIfInfo
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 06:43:52 PST

gIF_NAME might be not null terminated.
2012-03-05 17:43:26 +01:00
Fabrice Fontaine
f6e88d5b0a SF Bug Tracker id 3497033 - Buffer not null terminated in UpnpInit
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 06:42:18 PST

gIF_IPV4, gIF_IPV6 and gIF_IPV6_ULA_GUA might be not null terminated.
Moreover, gIF_IPV4 should be 16 characters (INET_ADDRSTRLEN) and not 22
and gIF_IPV6 should be 46 characters (INET6_ADDRSTRLEN) and not 65.
2012-03-05 17:36:41 +01:00
Fabrice Fontaine
add51536fc Bug fix of lastest commit (parse_hostport)
Missing parenthesis in memset.
2012-03-05 17:31:20 +01:00
Fabrice Fontaine
40864da7c1 SF Bug Tracker id 3497027 - Buffer not null terminated in parse_hostport
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 06:28:38 PST

workbuf might be not null terminated.
2012-03-05 17:13:08 +01:00
Fabrice Fontaine
5caaf3ad07 SF Bug Tracker id 3497009 - Resource leak in http_SendMessage
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 05:51:44 PST

Fp is not closed if fseeko(Fp, Instr->RangeOffset, SEEK_CUR) does not return 0.
2012-03-05 17:12:15 +01:00
Fabrice Fontaine
26c3f87eca HInfo->ServiceTable initialization in UpnpRegisterRootDevice2 and UpnpRegisterRootDevice4
Initialize also HInfo->ServiceTable in UpnpRegisterRootDevice2 and
UpnpRegisterRootDevice4 functions
2012-03-05 12:43:07 +01:00
Yoichi NAKAYAMA
20372ccef6 Initialize ServiceTable. 2012-03-05 12:36:29 +01:00
Yoichi NAKAYAMA
47c86542bc Add error handling. 2012-03-05 12:26:41 +01:00
Fabrice Fontaine
da244683cf SF Bug Tracker id 3496942 - Memory leak in config_description_doc
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:55:54 PST

element was not freed if membuffer_append_str(&url_str, "http://") does
not return 0. Moreover addNew was not used.
2012-03-05 11:58:54 +01:00
Fabrice Fontaine
7301f46269 SF Bug Tracker id 3496938 - Missing structures initialisation in some functions
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:31:16 PST

Memsetting to 0 some of the structures: finfo in process_request,
job in readFromSSDPSocket, request in http_OpenHttpGetEx, job in
genaNotifyThread, job in genaNotifyAllExt, job in genaNotifyAll,
job in genaInitNotifyExt, job in genaInitNotify, LocalAddr in
getlocalhostname.
2012-03-05 11:52:22 +01:00
Fabrice Fontaine
bd203e780e SF Bug Tracker id 3496934 - Memory leaks in getlocalhostname and UpnpGetIfInfo
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:25:42 PST

LocalSock is not closed if ioctl(LocalSock, SIOCGIFCONF, &ifConf);
returns an error.
2012-03-05 11:33:12 +01:00
Fabrice Fontaine
69f3fe2330 SF Bug Tracker id 3496933 - Out-of-bounds access in CheckOtherHTTPHeaders
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:15:34 PST

An out-of-bands access is raised because size of
RespInst->AcceptLanguageHeader is 200 and TmpBuf size is 180.
2012-03-05 11:20:07 +01:00
Fabrice Fontaine
52df3081df Remove unused currentDevice variable in removeServiceTable
currentDevice is not used in this function.
2012-03-05 11:12:37 +01:00
Fabrice Fontaine
71e77a5b27 SF Bug Tracker id 3496581 - Memory leak in getServiceList
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-03 08:43:23 PST

serviceNodeList is not freed if
current->next = malloc(sizeof(service_info)); returns NULL.
2012-03-05 10:59:20 +01:00
Fabrice Fontaine
0693adc7dc SF Bug Tracker id 3495286 - Double free in get_action_node
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-02-28 04:27:54 PST

ixmlFreeDOMString(ActNodeName); is called twice if
ixmlParseBufferEx(ActNodeName, RespNode); does not return IXML_SUCCESS.
2012-03-01 14:02:34 +01:00
Fabrice Fontaine
60f9df425b SF Bug Tracker id 3494865 - Use of non-initialized variable in parser_parse_requestline
Submitted: Marcelo Roberto jimenez ( mroberto ) - 2012-02-26 16:50:23 PST

src/genlib/net/http/httpparser.c: In function ‘parser_parse_requestline’:
src/genlib/net/http/httpparser.c:1319:28: warning: ‘index’ may be used uninitialized in this function
(cherry picked from commit 9125d82010f6c7e15b0e6b8664e5c0734e569406)
2012-02-29 15:15:28 -03:00
Marcelo Roberto Jimenez
795de3e077 SF Bug Tracker id 3489999 - UpnpString leaks in genaSubscribe()
Submitted: Yoichi NAKAYAMA ( yoichi ) - 2012-02-21 07:06:35 PST

In genaSubscribe() (defined in upnp/src/gena/gena_ctrlpt.c),
ActualSID and EventURL will not be freed if ScheduleGenaAutoRenew
returns UPNP_E_SUCCESS.

This fixes the an issue introduced by the previous fix.
2012-02-26 21:36:24 -03:00
Marcelo Roberto Jimenez
bc473d5e68 SF Bug Tracker id 3489999 - UpnpString leaks in genaSubscribe()
Submitted: Yoichi NAKAYAMA ( yoichi ) - 2012-02-21 07:06:35 PST

In genaSubscribe() (defined in upnp/src/gena/gena_ctrlpt.c),
ActualSID and EventURL will not be freed if ScheduleGenaAutoRenew
returns UPNP_E_SUCCESS.

This fixes the original issue.
2012-02-26 01:12:59 -03:00
Marcelo Roberto Jimenez
2940cbf94a SF Bug Tracker: UpnpString leaks in genaSubscribe()
In genaSubscribe() (defined in upnp/src/gena/gena_ctrlpt.c),
ActualSID and EventURL will not be freed.
2012-02-23 16:30:19 -02:00
Marcelo Roberto Jimenez
d87c966ec5 SF Bug Tracker: http lib only accepts HTTP/1.1 - ID:3485745
Submitted by Berend Dekens ( Berend Dekens ) - 2012-02-08 06:24:31 PST

In httpparser.c on line 1385 it says that HTTP 1.0 replies are blocked
because the UPnP verfication tool requires this.

I looked in the specs and as far as I can find, one should only be
carefull to send chunked communication to hosts supporting HTTP 1.1.
There is no requirement to support only HTTP 1.1.

The XBMC media server uses the Platinum UPnP library which replies
using HTTP/1.0 messages. As it is now, libupnp returns an error while
trying to parse the response while the response itself is completely
valid.

Is there a requirement in the UPnP 1.0 spec that I missed or is this
restriction self-imposed? And can it be lifted?

-------------------------------------------------------------------

Comment by Fabrice Fontaine:

Hide
Hi,

You're right, this modification should be removed. This version checking
was wrongly added in parser_parse_responseline function.

...
2012-02-23 15:29:45 -02:00
Marcelo Roberto Jimenez
e88d9dbedc White spaces. 2012-02-23 15:20:02 -02:00
Fabrice Fontaine
33fcfeb79f Bug fix for IPv4-mapped IPv6 addresses.
Setting IPv6 sockets with IPV6_V6ONLY flag to avoid getting IP packets
with IPv4-mapped IPv6 addresses on IPv6 sockets.
2012-02-18 16:05:50 -02:00
Edwin Stearns
a9c24fc7f3 Be nice to a server that returns its URL without a trailing slash
Attached is a patch that resolved an issue I found with a server that
gave its device description URI without a trailing slash (e.g.
`http://127.0.0.1:5555`).
2012-02-18 11:35:21 -02:00
Fabrice Fontaine
c155d3c68f Bug fix on M-SEARCH for IPv6 CPs.
Small bug fix on IPv6 Control Point: now CP will also send M-SEARCH on
site-scope address (FF05::C) instead of only sending M-SEARCH on
link-scope (FF02::C).
2012-01-25 09:56:02 -02:00
Fabrice Fontaine
03bd7759cd Retrieve IPv6 addresses in Upnp_Discovery.
Changing sockaddr_in into sockaddr_storage in Upnp_Discovery to be able
to retrieve IPv6 addresses of devices in Control Points using pupnp.
2012-01-25 09:54:14 -02:00
Marcelo Roberto Jimenez
3b33626e2f Fix for return value of UpnpResolveURL and UpnpResolveURL2
SF Bug tracker, ID: 3469344
	Submitted: dimmman ( dimmman ) - 2012-01-04 01:44:29 PST
	Details: Looking at the code (v1.6.14, upnptools.c) for UpnpResolveURL
	and UpnpResolveURL2 it shows that the ExitFunction: always returns
	UPNP_E_SUCCESS.

	I'm farily sure it's a simple mistake that should have been "return ret;"
	in both cases.

	Br,
	Jonny
2012-01-09 08:58:03 -02:00
Fabrice Fontaine
98e4f938d6 UPnP Low Power support
Adding two new functions (UpnpSendAdvertisementLowPower and
UpnpUnRegisterRootDeviceLowPower) which can be used to specify values
for the three SSDP headers defined by UPnP Low Power. Those headers are
Powerstate, SleepPeriod and RegistrationState.
2011-11-04 20:21:58 -02:00
Fabrice Fontaine
92c93a8010 Bug fix in IN6_IS_ADDR_GLOBAL.
Changing IN6_IS_ADDR_GLOBAL to accept all IPv6 addresses which have a
2000::/3 prefix.
2011-11-01 18:59:49 -02:00
Nick Leverton
e40e6b49d4 Summary: upnptools.h should #include upnpconfig.h - ID: 3426326
(cherry picked from commit ef7bbc486686d1b9c365273874d9224102199b89)
2011-10-20 12:30:05 +01:00
Fabrice Fontaine
6c6fb3707f Bug Fix on M-SEARCH.
Do not answer to M-SEARCH using HTTP version 1.0 as specified by the
UPnP Device Architecture.
2011-07-20 06:10:07 -03:00
Iain Denniston
92ea719804 Fixes for compilation under Windows (specifically MSVC). Also added MSVC supported "_inline", and fixed some WIN32 specific warnings. 2011-04-02 23:47:00 -03:00
Iain Denniston
fed316ff3e Several fixes to correctly use SOCKET (and related) types instead of non-portable variations. 2011-04-02 23:38:53 -03:00
Marcelo Roberto Jimenez
e16cb4b225 Silence compiler warning message.
warning: unused parameter ‘listen_port6’
2011-03-15 18:27:17 -03:00
Fabrice Fontaine
0996d23318 Putting ssdpReqSocks under compilation flag.
Putting all access to ssdpReqSock4 and ssdpReqSock6 under
INCLUDE_CLIENT_APIS compilation flag to be able to compile when
client part of library is disable.
2011-03-15 18:22:30 -03:00
Fabrice Fontaine
11f9a2bafe New UpnpRegisterRootDevice4 for legacy CPs.
Add a new UpnpRegisterRootDevice4 which allow user to specify a
description URL to be returned for legacy CPs (for example, CPs
searching for a v1 when the device is v2). Most of those CPs does not
work if they found a v2 in the XML description, so this new function is
only used to solve interoperability issues.
2011-03-15 18:17:05 -03:00
Iain Denniston
7338411c08 Partial fix for UpnpGetIfInfo with MSVC 2011-03-11 17:52:07 -03:00
Marcelo Roberto Jimenez
3a9ae348bc Created the macros PRIzd and PRIzx to deal with MSVC lack of C99.
Thanks to Iain Denniston for pointing it out.
2011-03-11 17:20:17 -03:00
Iain Denniston
840669b253 Fixes for headers when compiled under C++ 2011-03-11 16:07:51 -03:00
Marcelo Roberto Jimenez
e30e7bd586 Fix for uuid_unpack incorrect shift precedence. 2011-03-10 16:21:25 -03:00
Marcelo Roberto Jimenez
32e510b45a Remove PrintThreadPoolStats() from the public API.
This function uses a ThreadPool object as an argument, which is not
supposed to be exported. Also, debug compilation was broken.
2011-02-07 22:33:42 -02:00
Fabrice Fontaine
063d472f80 Major bug fix in IPv6 code.
Major bug fix in miniserver.c for IPv6, bug was introduced when
changing implementation of get_port in November 20th 2010 ("gena:fix
several compiler warnings" commit).
2011-02-07 21:27:41 -02:00
Marcelo Roberto Jimenez
fdb8b9ef2f White spaces and indentation. 2011-01-30 09:40:48 -02:00
Chandra Penke
6c125feea0 Fix for compilation errors
Fix for compilation warnings of unused variables in upnpdebug.c in
release builds.
2011-01-30 09:36:05 -02:00
Chandra Penke
f46683fd0e Fix for typo in strndup() function definition. 2011-01-17 09:03:34 -02:00