From 57a06974bfa077851a2823f4a591e5133a0b56e9 Mon Sep 17 00:00:00 2001
From: Thomas Bernard <miniupnp@free.fr>
Date: Tue, 1 May 2012 11:57:20 +0200
Subject: [PATCH] check sidlen before string compare

---
 miniupnpd/upnpevents.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/miniupnpd/upnpevents.c b/miniupnpd/upnpevents.c
index 5b6ca49..abeda6f 100644
--- a/miniupnpd/upnpevents.c
+++ b/miniupnpd/upnpevents.c
@@ -140,7 +140,7 @@ renewSubscription(const char * sid, int sidlen, int timeout)
 {
 	struct subscriber * sub;
 	for(sub = subscriberlist.lh_first; sub != NULL; sub = sub->entries.le_next) {
-		if(memcmp(sid, sub->uuid, 41) == 0) {
+		if((sidlen == 41) && (memcmp(sid, sub->uuid, 41) == 0)) {
 			sub->timeout = (timeout ? time(NULL) + timeout : 0);
 			return 0;
 		}
@@ -155,7 +155,7 @@ upnpevents_removeSubscriber(const char * sid, int sidlen)
 	if(!sid)
 		return -1;
 	for(sub = subscriberlist.lh_first; sub != NULL; sub = sub->entries.le_next) {
-		if(memcmp(sid, sub->uuid, 41) == 0) {
+		if((sidlen == 41) && (memcmp(sid, sub->uuid, 41) == 0)) {
 			if(sub->notify) {
 				sub->notify->sub = NULL;
 			}