Commit Graph

30 Commits

Author SHA1 Message Date
Pali Rohár 7d5fdf0743 miniupnpc: Fix usage of Windows _snprintf() function
_snprintf() differs from snprintf() in:

* on overflow it returns -1 instead of required buffer size
* on overflow it does not fill nul byte
* does not accept NULL/0 as a buffer

Microsoft implemented snprintf() in Visual Studio 2015 as part of UCRT.

Mingw32 contains snprintf() implementation only when __USE_MINGW_ANSI_STDIO
is defined.

Mingw-w64 versions prior to 8.0.0. contain snprintf() implementation when
__USE_MINGW_ANSI_STDIO or _UCRT is defined. Since version 8.0.0 it is
always supported.

Mingw-w64 defines both __MINGW32__ and __MINGW64_VERSION_MAJOR macros.
Mingw32 defines only __MINGW32__.

_scprintf() just count number of bytes needed for formatting string, so it
is basically return value of snprintf().

This change updates miniupnpc code to use snprintf() when is provided by
compiler/runtime to avoid usage _snprintf().

And also this changes updates miniupnpc emulation of snprintf() by
_snprintf() and _scprintf() functions to avoid buffer overflows.

For inspiration full emulation of snprintf() by _snprintf() is available in
mingw-w64 stdio library:

https://sourceforge.net/p/mingw-w64/mingw-w64/ci/master/tree/mingw-w64-crt/stdio/snprintf.c
2020-10-02 22:32:36 +02:00
Thomas Bernard 6358882f19 check string passed to atoi() 2020-09-28 23:24:54 +02:00
irwir bded13f390 When code was updated for 64-bit Windows configurations, some changes were not applied.
Details :
  cast for connect() sendto() arguments
  remove unecessary p = NULL;
  remove unecessary code
  printf format fixes in ssdpDiscoverDevices()

fixes #311

Signed-off-by: Thomas Bernard <miniupnp@free.fr>
2018-07-06 11:35:12 +02:00
Thomas Bernard 284db0bb49 miniupnpc: use SOCKET type instead of int for copilation under Win64
see #289
2018-04-06 12:21:36 +02:00
Thomas Bernard 8945a6ee15 miniupnpc/miniwget.c: remove useless test
see #289
2018-03-14 00:23:10 +01:00
Thomas Bernard f0f1f4b22d miniupnpc: Fix CVE-2017-8798
Thanks to tin/Team OSTStrom
2017-05-09 12:00:47 +02:00
Thomas Bernard 086c387924 miniwget.c: use sizeof(buf) 2017-05-05 12:46:09 +02:00
Thomas Bernard 960f8666e8 remove warning: variable 'reason_phrase_len' set but not used
when DEBUG is disabled
also
warning: variable 'reason_phrase' set but not used
2016-11-11 12:35:59 +01:00
Thomas Bernard c4991916e5 miniupnpc: change miniwget to return HTTP status code
increments API_VERSION to 16
2016-01-24 18:30:41 +01:00
Thomas Bernard d1243e157d parse HTTP response status line in miniwget.c 2016-01-22 16:53:19 +01:00
Wladimir J. van der Laan 4c90b87ce3 Check snprintf result
Verify that the buffer size was large enough to write the output,
raise an error condition if not.
2015-10-25 21:13:23 +01:00
Thomas Bernard b55ecd70ef miniupnpc: mem leaks fixes. 2015-07-30 01:10:03 +02:00
Thomas Bernard e0999ace78 miniupnpc: Check malloc/calloc return values
fixes #136
2015-07-15 14:48:57 +02:00
Thomas Bernard 557fd71fb1 miniupnpc: check realloc() return 2015-02-06 11:39:16 +01:00
Mike Gelfand c490b42547 Fix _POSIX_C_SOURCE definition
Current code makes use of `snprintf` function defined in C99 standard
but _POSIX_C_SOURCE is set to "1" which is not correct. To access C99
definitions, this macro should be set to at least "200112L".

Also, `strncasecmp` function is being used but corresponding <strings.h>
header is not being included in miniwget.c.

Changes have been tested on FreeBSD 10.1 amd64 with default compiler
(Clang).
2014-11-19 17:06:14 +03:00
Thomas Bernard 55fc3e4c3c miniupnpc: use #define UPNP_VERSION_STRING "UPnP/1.1" 2014-11-05 06:34:51 +01:00
Thomas Bernard 626cd2cd6c miniupnpc/miniwget.c: define MIN only when not defined by system headers 2014-08-26 20:48:34 +02:00
Thomas Bernard e222e50b24 miniupnpc: Compile with GNU/Hurd and GNU/kFreeBSD 2014-06-02 17:13:52 +02:00
Thomas Bernard cd5cb6e48e removed unused stuff 2014-02-05 18:32:29 +01:00
Thomas Bernard 3a87aa2f10 miniwget.c: fixed potential buffer overrun 2013-12-09 09:31:04 +01:00
Thomas Bernard b0c66c01e2 miniupnpc: define MAXHOSTNAMELEN if not already done 2013-12-09 09:31:04 +01:00
Thomas Bernard 0aea9dc0fb Try to handle scope id in link local IPv6 URL under MS Windows 2012-08-29 09:58:39 +02:00
Thomas Bernard c585986d2f miniupnpc: parseURL()/miniwget() : IPv6 addresses scope 2012-06-24 00:55:31 +02:00
Thomas Bernard 0e85a91784 #define MINIUPNPC_GET_SRC_ADDR enables receivedata() to get scope_id 2012-06-24 00:52:51 +02:00
Thomas Bernard 24e6129c29 removed unused argument url in minwget2() miniwget3() 2012-05-01 20:54:11 +02:00
Thomas Bernard 9fc7b7058a Fix signed/unsigned integer comparaisons 2012-05-01 20:53:19 +02:00
Shawn Landen 6e14420ab1 remove trailing whitespace from miniupnpc 2012-02-29 17:51:24 -08:00
Thomas Bernard 35e25ab375 Replaced WIN32 macro by _WIN32 2012-01-21 14:38:38 +01:00
Thomas Bernard 04d13c7152 always #include <netinet/in.h> before <arpa/inet.h> 2012-01-20 23:09:40 +01:00
Thomas Bernard c183a72c46 Added miniupnpc 2011-09-27 22:25:35 +02:00