Remove more "implicit integer or enum conversions" as well as memset
before snprintf.
(forward port of commit 2eb3e069badd5c8676738c3ead37f9551fd8448e)
There was a problem in the HDR_ACCEPT_LANGUAGE case.
It may read a larger amount from TmpBuf than allocated,
since the condition was always true.
Terminate RespInstr->AcceptLanguageHeader correctly.
Skip allocation if there is already sufficient buffer.
(cherry picked from commit db532afb9bd7b870585705701b32dee441a5f6cb)
Remove some of the "implicit integer or enum conversions" as well as
some access to NULL reference in upnp part.
(forward port of commit c67187ac94f25ae23b286a1521d968911edba61d)
Submitted: Yoichi NAKAYAMA ( yoichi ) - 2012-03-08 10:18:39 PST
97a17ff5add73c97844e2fa74456bab4df0800f1 commit breaks build on
windows/msvc since there is no snprintf.
Note:
* Some existing sources use _snprintf when WIN32 is defined, but its
behavior is a bit different from C99 snprintf.
* snprintf does terminate the buffer, so the commit (use buffer size
minus 1 as argument) changes the behavior at the boundary.
* Truncation might be better than a crash in some cases. But the
result may not be good.
(forward port of commit e722d8c375dc50b855b41cd56e2fc3d70af4201e)
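The boundary behaviour described in the note above, as an added example (not code from pupnp). The buffer size and sample string are constructed; the functions compare C99 snprintf given the full size, snprintf given "size minus 1", and strncpy, which is the call that actually needs the minus 1 and an explicit terminator.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample input: 7 characters, 8 bytes with the terminator. */
static const char SAMPLE[] = "en-US,f";

/* C99 snprintf with the full buffer size: stores at most size-1
 * characters and always NUL-terminates when size > 0. */
size_t copy_full_size(char *dst, size_t size, const char *src)
{
    if (size == 0) return 0;
    snprintf(dst, size, "%s", src);
    return strlen(dst);
}

/* The "buffer size minus 1" form: still terminated, but the last usable
 * byte is never written, so truncation starts one character earlier.
 * Assumes size >= 2. */
size_t copy_size_minus_one(char *dst, size_t size, const char *src)
{
    snprintf(dst, size - 1, "%s", src);
    return strlen(dst);
}

/* strncpy leaves dst unterminated when src has size-1 or more
 * characters, so the terminator is written explicitly. Assumes size >= 1. */
size_t copy_strncpy(char *dst, size_t size, const char *src)
{
    strncpy(dst, src, size - 1);
    dst[size - 1] = '\0';
    return strlen(dst);
}

/* Truncation check: C99 snprintf returns the length the full output
 * would have had, so a result >= size means data was cut off. */
int was_truncated(char *dst, size_t size, const char *src)
{
    int n = snprintf(dst, size, "%s", src);
    return n < 0 || (size_t)n >= size;
}

int main(void)
{
    char buf[8];
    printf("full size:    %zu chars\n", copy_full_size(buf, sizeof buf, SAMPLE));
    printf("size minus 1: %zu chars\n", copy_size_minus_one(buf, sizeof buf, SAMPLE));
    printf("strncpy:      %zu chars\n", copy_strncpy(buf, sizeof buf, SAMPLE));
    printf("truncated in 4 bytes: %d\n", was_truncated(buf, 4, SAMPLE));
    return 0;
}
```

MSVC's `_snprintf` differs from all three: when the output fills the count it writes no terminator, so code using it has to terminate the buffer itself.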
Replace strcpy, sprintf and strcat by strncpy, snprintf and strncat to
avoid buffer overflows.
(forward port of commit 97a17ff5add73c97844e2fa74456bab4df0800f1)
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 12:33:59 PST
Fp is not closed when an error is raised on membuffer_append or
sock_read.
(cherry picked from commit 30badb44c74aefa1c81c63d394079f5fa16c7dc1)
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 05:51:44 PST
Fp is not closed if fseeko(Fp, Instr->RangeOffset, SEEK_CUR) does not return 0.
(cherry picked from commit 5caaf3ad071e4833aaab74133cc755ce3e917c01)
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:31:16 PST
Memsetting to 0 some of the structures: finfo in process_request,
job in readFromSSDPSocket, request in http_OpenHttpGetEx, job in
genaNotifyThread, job in genaNotifyAllExt, job in genaNotifyAll,
job in genaInitNotifyExt, job in genaInitNotify, LocalAddr in
getlocalhostname.
(cherry picked from commit 7301f462690b7c62ed62c94650d95bda1064ecec)
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:15:34 PST
An out-of-bounds access is raised because the size of
RespInst->AcceptLanguageHeader is 200 and TmpBuf size is 180.
(cherry picked from commit 69f3fe2330877f05311d6d37eb7f6537e3c2172f)
Submitted: Marcelo Roberto Jimenez ( mroberto ) - 2012-02-26 16:50:23 PST
src/genlib/net/http/httpparser.c: In function ‘parser_parse_requestline’:
src/genlib/net/http/httpparser.c:1319:28: warning: ‘index’ may be used uninitialized in this function
Submitted by Berend Dekens ( Berend Dekens ) - 2012-02-08 06:24:31 PST
In httpparser.c on line 1385 it says that HTTP 1.0 replies are blocked
because the UPnP verification tool requires this.
I looked in the specs and as far as I can find, one should only be
careful to send chunked communication to hosts supporting HTTP 1.1.
There is no requirement to support only HTTP 1.1.
The XBMC media server uses the Platinum UPnP library which replies
using HTTP/1.0 messages. As it is now, libupnp returns an error while
trying to parse the response while the response itself is completely
valid.
Is there a requirement in the UPnP 1.0 spec that I missed or is this
restriction self-imposed? And can it be lifted?
-------------------------------------------------------------------
Comment by Fabrice Fontaine:
Hi,
You're right, this modification should be removed. This version checking
was wrongly added in parser_parse_responseline function.
...
(cherry picked from commit d87c966ec5f17d5fbef1b409f426c0d70cd6231f)
Attached is a patch that resolved an issue I found with a server that
gave its device description URI without a trailing slash (e.g.
`http://127.0.0.1:5555`).
(cherry picked from commit a9c24fc7f327adefc5708e4565d15d65c49224ab)
Do not answer to M-SEARCH using HTTP version 1.0 as specified by the
UPnP Device Architecture.
(cherry picked from commit 6c6fb3707f809b7bf7373b2fbe496913255f6227)
The variable num_read was being used without being initialized.
Also, clean up the function return path and make sure va_end()
is being called.
(cherry picked from commit 9a28fcc95b502af6cfb6e6f303ea07c86336bdc1)
Currently, http_SendMessage was not able to write a buffer
due to a bad use of file_buf instead of buf. This bug was introduced by
the 0197-Doxygen-reformating-compiler-warnings patch.
(cherry picked from commit 2c3bce13bdcf534c77f525c7e7960cad2bf43087)
Currently, pupnp is using a blocking connect to send GENA
notifications. As a result, when there are a lot of notifications with
CPs which were disconnected without unsubscribing, all the pupnp
threads are blocked for 20s (timeout). To correct this issue, this
patch replaces the call to connect with a call to private_connect and adds
a compilation flag to disable blocking TCP connections, so if we are not
able to connect to the CP, the notification is lost.
(cherry picked from commit 32cffb5bb55a650b1eb962c6fe2e58e6bf4fe2c5)
Currently, in the sock_read_write function, if the timeout is 0, pupnp
performs a "blocking" select (with an infinite timeout). With this
patch, if timeout is set to 0, pupnp will perform a "polling" select
and return immediately if it cannot read or write on the socket. This
is very useful for GENA notifications when pupnp is trying to send
events to a disconnected Control Point. "Blocking" select can now be
done by putting a negative timeout value.
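The timeout convention described above, as an added example (not pupnp's sock_read_write). The helper names wait_readable and demo are hypothetical, the timeout is assumed to be in whole seconds, and a pipe stands in for the socket to a Control Point.

```c
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* Hypothetical helper mapping the timeout convention onto select():
 *   timeout_secs < 0  -> block until the descriptor is readable
 *   timeout_secs == 0 -> poll: return immediately
 *   timeout_secs > 0  -> wait at most that many seconds
 * Returns 1 if readable, 0 if not ready, -1 on error. */
int wait_readable(int fd, int timeout_secs)
{
    fd_set rd;
    struct timeval tv, *tvp = NULL; /* NULL makes select() block */
    int rc;

    FD_ZERO(&rd);
    FD_SET(fd, &rd);
    if (timeout_secs >= 0) {
        tv.tv_sec = timeout_secs;   /* a zeroed timeval makes select() poll */
        tv.tv_usec = 0;
        tvp = &tv;
    }
    rc = select(fd + 1, &rd, NULL, NULL, tvp);
    if (rc < 0) return -1;
    return (rc > 0 && FD_ISSET(fd, &rd)) ? 1 : 0;
}

/* Constructed demo: with send_byte == 0 nothing is ever written to the
 * pipe, like a peer that went away without unsubscribing. */
int demo(int timeout_secs, int send_byte)
{
    int p[2], r;

    if (pipe(p) != 0) return -1;
    if (send_byte && write(p[1], "x", 1) != 1)
        r = -1;
    else
        r = wait_readable(p[0], timeout_secs);
    close(p[0]);
    close(p[1]);
    return r;
}

int main(void)
{
    printf("poll, idle peer:   %d\n", demo(0, 0));
    printf("block, data ready: %d\n", demo(-1, 1));
    return 0;
}
```

Callers written against the old meaning of 0 would now get an immediate "not ready" instead of waiting, so each call site's timeout value needs review when the convention changes.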