see #465
#0 0x555719469ec5 in AddAnyPortMapping.cfi /home/ryutaroh/miniupnpd-1018/miniupnp/miniupnpd/upnpsoap.c:703:42
#1 0x5557194705a7 in ExecuteSoapAction /home/ryutaroh/miniupnpd-1018/miniupnp/miniupnpd/upnpsoap.c:2335:5
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior upnpsoap.c:703:42 in
* Move it into separate win32_snprintf.h file to de-duplicate its
implementation from all miniupnp source files.
* Do not use this emulation with mingw32 SDK when __NO_ISOCEXT is not
defined as in this case mingw32 provides working snprintf function.
* Fix detection for mingw-w64 variants, when __NO_ISOCEXT is defined or
when older version without UCRT is used.
* Add check if _scprintf function is available. In case it is not available,
just return the length of the filled buffer to prevent buffer overflow.
_snprintf() differs from snprintf() in:
* on overflow it returns -1 instead of required buffer size
* on overflow it does not fill nul byte
* does not accept NULL/0 as a buffer

Microsoft implemented snprintf() in Visual Studio 2015 as part of UCRT.

Mingw32 contains snprintf() implementation only when __USE_MINGW_ANSI_STDIO
is defined.

Mingw-w64 versions prior to 8.0.0 contain snprintf() implementation when
__USE_MINGW_ANSI_STDIO or _UCRT is defined. Since version 8.0.0 it is
always supported.

Mingw-w64 defines both __MINGW32__ and __MINGW64_VERSION_MAJOR macros.
Mingw32 defines only __MINGW32__.

_scprintf() just counts the number of bytes needed for the formatted string,
so it is basically the return value of snprintf().

This change updates miniupnpc code to use snprintf() when it is provided by
the compiler/runtime to avoid usage of _snprintf().

This change also updates the miniupnpc emulation of snprintf() by
_snprintf() and _scprintf() functions to avoid buffer overflows.

For inspiration, a full emulation of snprintf() by _snprintf() is available in
the mingw-w64 stdio library:
https://sourceforge.net/p/mingw-w64/mingw-w64/ci/master/tree/mingw-w64-crt/stdio/snprintf.c
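
The emulation this commit message describes, as an added example that is not the miniupnpc code: a wrapper that restores snprintf() semantics (required size returned, NUL always written, NULL/0 accepted) on top of a function with the _snprintf() behaviour listed above. The names compat_snprintf, legacy_vsnprintf and count_vprintf are hypothetical; the two static helpers are constructed stand-ins for _vsnprintf() and _vscprintf() so the block runs without the Microsoft runtime, and the stand-in also reproduces the documented exact-fit case where _snprintf() returns the length but writes no NUL.

```c
/* Added example, not miniupnp code; the two static helpers are stand-ins. */
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for _vscprintf(): bytes needed, excluding the NUL. */
static int count_vprintf(const char *fmt, va_list ap)
{
    return vsnprintf(NULL, 0, fmt, ap);
}

/* Constructed stand-in for _vsnprintf(): returns -1 on overflow, writes no
 * NUL unless the output is shorter than the buffer, rejects NULL/0. */
static int legacy_vsnprintf(char *buf, size_t size, const char *fmt, va_list ap)
{
    va_list ap2;
    int need;
    char *tmp;
    if (buf == NULL || size == 0)
        return -1;
    va_copy(ap2, ap);
    need = count_vprintf(fmt, ap2);
    va_end(ap2);
    if (need < 0 || (tmp = malloc((size_t)need + 1)) == NULL)
        return -1;
    vsnprintf(tmp, (size_t)need + 1, fmt, ap);
    memcpy(buf, tmp, (size_t)need < size ? (size_t)need + 1 : size);
    free(tmp);
    return (size_t)need <= size ? need : -1;
}

/* snprintf() semantics built on the two functions above. */
int compat_snprintf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int ret = -1;
    if (buf != NULL && size > 0) {
        va_start(ap, fmt);
        ret = legacy_vsnprintf(buf, size, fmt, ap);
        va_end(ap);
        if (ret >= 0 && (size_t)ret < size)
            return ret;            /* fitted, NUL already written */
        buf[size - 1] = '\0';      /* truncated or exact fit: terminate */
    }
    va_start(ap, fmt);
    ret = count_vprintf(fmt, ap);  /* report the size the caller needs */
    va_end(ap);
    return ret;
}
```

A caller detects truncation the same way as with snprintf(): a return value greater than or equal to the buffer size means the output did not fit.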
Check for 0.0.0.0, 192.168., 10. and 172. is not enough. Nowadays routers
behind NAT are getting IP address from shared CG-NAT space 100.64.0.0/10.
This patch adjusts miniupnpc to check for all reserved IPv4 addresses.