miniupnpd: Correctly handle truncated snprintf() in SSDP code
This commit is contained in:
Thomas Bernard
parent
8432646a76
commit
18887cb1e4
|
|
@ -1,7 +1,10 @@
|
|||
$Id: Changelog.txt,v 1.334 2013/04/24 17:03:16 nanard Exp $
|
||||
$Id: Changelog.txt,v 1.335 2013/04/26 15:17:09 nanard Exp $
|
||||
|
||||
2013/04/26:
|
||||
Correctly handle truncated snprintf() in SSDP code
|
||||
|
||||
2013/04/24:
|
||||
to avoid build race conditions, genconfig.sh now use a temporary file
|
||||
to avoid build race conditions, genconfig.sh now uses a temporary file
|
||||
|
||||
2013/04/20:
|
||||
use scope in get_lan_for_peer() for IPv6 addresses
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: minissdp.c,v 1.48 2013/02/07 12:22:25 nanard Exp $ */
|
||||
/* $Id: minissdp.c,v 1.49 2013/04/26 15:17:10 nanard Exp $ */
|
||||
/* MiniUPnP project
|
||||
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
|
||||
* (c) 2006-2013 Thomas Bernard
|
||||
|
|
@ -369,6 +369,16 @@ SendSSDPAnnounce2(int s, const struct sockaddr * addr,
|
|||
st_is_uuid ? 0 : st_len, st, suffix,
|
||||
host, (unsigned int)port,
|
||||
upnp_bootid, upnp_bootid, upnp_configid);
|
||||
if(l<0)
|
||||
{
|
||||
syslog(LOG_ERR, "SendSSDPAnnounce2(): snprintf failed %m");
|
||||
return;
|
||||
}
|
||||
else if((unsigned)l>=sizeof(buf))
|
||||
{
|
||||
syslog(LOG_WARNING, "SendSSDPAnnounce2(): truncated output");
|
||||
l = sizeof(buf) - 1;
|
||||
}
|
||||
addrlen = (addr->sa_family == AF_INET6)
|
||||
? sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in);
|
||||
n = sendto(s, buf, l, 0,
|
||||
|
|
@ -446,13 +456,13 @@ SendSSDPNotify(int s, const struct sockaddr * dest,
|
|||
upnp_bootid, upnp_bootid, upnp_configid );
|
||||
if(l<0)
|
||||
{
|
||||
syslog(LOG_ERR, "SendSSDPNotifies() snprintf error");
|
||||
syslog(LOG_ERR, "SendSSDPNotify() snprintf error");
|
||||
return;
|
||||
}
|
||||
else if((unsigned int)l >= sizeof(bufr))
|
||||
{
|
||||
syslog(LOG_WARNING, "SendSSDPNotifies(): truncated output");
|
||||
l = sizeof(bufr);
|
||||
syslog(LOG_WARNING, "SendSSDPNotify(): truncated output");
|
||||
l = sizeof(bufr) - 1;
|
||||
}
|
||||
n = sendto(s, bufr, l, 0, dest,
|
||||
#ifdef ENABLE_IPV6
|
||||
|
|
@ -806,7 +816,7 @@ SendSSDPbyebye(int s, const struct sockaddr * dest,
|
|||
else if((unsigned int)l >= sizeof(bufr))
|
||||
{
|
||||
syslog(LOG_WARNING, "SendSSDPbyebye(): truncated output");
|
||||
l = sizeof(bufr);
|
||||
l = sizeof(bufr) - 1;
|
||||
}
|
||||
n = sendto(s, bufr, l, 0, dest,
|
||||
#ifdef ENABLE_IPV6
|
||||
|
|
@ -933,6 +943,12 @@ SubmitServicesToMiniSSDPD(const char * host, unsigned short port) {
|
|||
snprintf(ver_str, sizeof(ver_str), "%d", known_service_types[i].version);
|
||||
l = snprintf(strbuf, sizeof(strbuf), "%s::%s%s",
|
||||
uuidvalue, known_service_types[i].s, ver_str);
|
||||
if(l<0) {
|
||||
syslog(LOG_WARNING, "SubmitServicesToMiniSSDPD: snprintf %m");
|
||||
continue;
|
||||
} else if((unsigned)l>=sizeof(strbuf)) {
|
||||
l = sizeof(strbuf) - 1;
|
||||
}
|
||||
CODELENGTH(l, p);
|
||||
memcpy(p, strbuf, l);
|
||||
p += l;
|
||||
|
|
@ -942,6 +958,12 @@ SubmitServicesToMiniSSDPD(const char * host, unsigned short port) {
|
|||
p += l;
|
||||
l = snprintf(strbuf, sizeof(strbuf), "http://%s:%u" ROOTDESC_PATH,
|
||||
host, (unsigned int)port);
|
||||
if(l<0) {
|
||||
syslog(LOG_WARNING, "SubmitServicesToMiniSSDPD: snprintf %m");
|
||||
continue;
|
||||
} else if((unsigned)l>=sizeof(strbuf)) {
|
||||
l = sizeof(strbuf) - 1;
|
||||
}
|
||||
CODELENGTH(l, p);
|
||||
memcpy(p, strbuf, l);
|
||||
p += l;
|
||||
|
|
|
|||
Loading…
Reference in New Issue