Date: Tuesday, January 9, 2018 @ 20:16:44 Author: jelle Revision: 314302
FS#56979 Fix segfault in http_MakeMessage Added: libupnp/trunk/segfault_http_makemessage.patch Modified: libupnp/trunk/PKGBUILD ---------------------------------+ PKGBUILD | 13 ++++++++-- segfault_http_makemessage.patch | 45 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+), 3 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2018-01-09 18:32:26 UTC (rev 314301) +++ PKGBUILD 2018-01-09 20:16:44 UTC (rev 314302) @@ -4,7 +4,7 @@ pkgname=libupnp pkgver=1.6.24 -pkgrel=1 +pkgrel=2 pkgdesc="Portable Open Source UPnP Development Kit" arch=('x86_64') url="http://pupnp.sourceforge.net/" @@ -11,9 +11,16 @@ license=('BSD') depends=('glibc') makedepends=('pkgconfig') -source=("http://downloads.sourceforge.net/sourceforge/pupnp/${pkgname}-${pkgver}.tar.bz2") -md5sums=('c5f4a3b674741d85ef29258841ccd540') +source=("http://downloads.sourceforge.net/sourceforge/pupnp/${pkgname}-${pkgver}.tar.bz2" + "segfault_http_makemessage.patch") +md5sums=('c5f4a3b674741d85ef29258841ccd540' + 'b5ab030107cadfb307dc1b809b7a5fe3') +prepare() { + cd "${srcdir}/${pkgname}-${pkgver}" + patch -Np1 -i $srcdir/segfault_http_makemessage.patch +} + build() { cd "${srcdir}/${pkgname}-${pkgver}" Added: segfault_http_makemessage.patch =================================================================== --- segfault_http_makemessage.patch (rev 0) +++ segfault_http_makemessage.patch 2018-01-09 20:16:44 UTC (rev 314302) @@ -0,0 +1,45 @@ +From 70e3d626378e12ea50d76dfda50311c8bb4a2a78 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B6rg=20Krause?= <joerg.krause@embedded.rocks> +Date: Tue, 5 Dec 2017 11:29:44 +0100 +Subject: [PATCH] Fix segmentation fault in http_MakeMessage + +When upmpdcli is linked with libupnp 1.6.24 it fails with an +segmentation fault, but linking with libupnp worked just fine. + +git bisect shows that commit 9c2e8ec8a0291ebe81959009e2f78edbdb47ced5 is +the bad one as the variable `extras` is not properly checked before +attempting to used it as a pointer. + +Asure `extras` is not Null before using it. +--- + upnp/src/genlib/net/http/httpreadwrite.c | 16 +++++++++------- + 1 file changed, 9 insertions(+), 7 deletions(-) + +diff --git a/upnp/src/genlib/net/http/httpreadwrite.c b/upnp/src/genlib/net/http/httpreadwrite.c +index 68cd4baa..57ab8051 100644 +--- a/upnp/src/genlib/net/http/httpreadwrite.c ++++ b/upnp/src/genlib/net/http/httpreadwrite.c +@@ -1662,14 +1662,16 @@ int http_MakeMessage(membuffer *buf, int http_major_version, + struct Extra_Headers *extras; + /* array of extra headers */ + extras = (struct Extra_Headers *) va_arg(argp, struct Extra_Headers *); +- while (extras->name) { +- if (extras->resp) { +- if (membuffer_append(buf, extras->resp, strlen(extras->resp))) +- goto error_handler; +- if (membuffer_append(buf, "\r\n", (size_t)2)) +- goto error_handler; ++ if (extras) { ++ while (extras->name) { ++ if (extras->resp) { ++ if (membuffer_append(buf, extras->resp, strlen(extras->resp))) ++ goto error_handler; ++ if (membuffer_append(buf, "\r\n", (size_t)2)) ++ goto error_handler; ++ } ++ extras++; + } +- extras++; + } + } + if (c == 's') {