Bjrn Ketelaars [2019-03-07, 07:09:48]: > Diff below brings miniupnpd to the latest version (2.1). Changelog can > be found at > http://miniupnp.free.fr/files/changelog.php?file=miniupnpd-2.1.tar.gz > > (Lightly) tested at home by a PS4-fanatic.
these patches (from upstream) avoid crashes by null pointer dereference on receiving a request without those parameters. ok? Index: Makefile =================================================================== RCS file: /cvs/ports/net/miniupnp/miniupnpd/Makefile,v retrieving revision 1.19 diff -u -p -u -r1.19 Makefile --- Makefile 11 Mar 2019 20:05:23 -0000 1.19 +++ Makefile 18 Mar 2019 23:33:03 -0000 @@ -3,7 +3,7 @@ COMMENT= UPnP IGD daemon DISTNAME= miniupnpd-2.1 -REVISION= 0 +REVISION= 1 WANTLIB += c crypto kvm ssl Index: patches/patch-upnpsoap_c =================================================================== RCS file: patches/patch-upnpsoap_c diff -N patches/patch-upnpsoap_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-upnpsoap_c 18 Mar 2019 23:33:03 -0000 @@ -0,0 +1,28 @@ +$OpenBSD$ + +Index: upnpsoap.c +--- upnpsoap.c.orig ++++ upnpsoap.c +@@ -590,7 +590,7 @@ AddAnyPortMapping(struct upnphttp * h, const char * ac + if(leaseduration == 0) + leaseduration = 604800; + +- if (!int_ip || !ext_port || !int_port) ++ if (!int_ip || !ext_port || !int_port || !protocol) + { + ClearNameValueList(&data); + SoapError(h, 402, "Invalid Args"); +@@ -1841,6 +1841,13 @@ GetOutboundPinholeTimeout(struct upnphttp * h, const c + rem_host = GetValueFromNameValueList(&data, "RemoteHost"); + rem_port = GetValueFromNameValueList(&data, "RemotePort"); + protocol = GetValueFromNameValueList(&data, "Protocol"); ++ ++ if (!int_port || !rem_port || !protocol) ++ { ++ ClearNameValueList(&data); ++ SoapError(h, 402, "Invalid Args"); ++ return; ++ } + + rport = (unsigned short)atoi(rem_port); + iport = (unsigned short)atoi(int_port);