Bjrn Ketelaars [2019-03-07, 07:09:48]:
> Diff below brings miniupnpd to the latest version (2.1). Changelog can
> be found at
> http://miniupnp.free.fr/files/changelog.php?file=miniupnpd-2.1.tar.gz
>
> (Lightly) tested at home by a PS4-fanatic.
these patches (from upstream) avoid crashes by null pointer dereference
on receiving a request without those parameters.
ok?
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/miniupnp/miniupnpd/Makefile,v
retrieving revision 1.19
diff -u -p -u -r1.19 Makefile
--- Makefile 11 Mar 2019 20:05:23 -0000 1.19
+++ Makefile 18 Mar 2019 23:33:03 -0000
@@ -3,7 +3,7 @@
COMMENT= UPnP IGD daemon
DISTNAME= miniupnpd-2.1
-REVISION= 0
+REVISION= 1
WANTLIB += c crypto kvm ssl
Index: patches/patch-upnpsoap_c
===================================================================
RCS file: patches/patch-upnpsoap_c
diff -N patches/patch-upnpsoap_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-upnpsoap_c 18 Mar 2019 23:33:03 -0000
@@ -0,0 +1,28 @@
+$OpenBSD$
+
+Index: upnpsoap.c
+--- upnpsoap.c.orig
++++ upnpsoap.c
+@@ -590,7 +590,7 @@ AddAnyPortMapping(struct upnphttp * h, const char * ac
+ if(leaseduration == 0)
+ leaseduration = 604800;
+
+- if (!int_ip || !ext_port || !int_port)
++ if (!int_ip || !ext_port || !int_port || !protocol)
+ {
+ ClearNameValueList(&data);
+ SoapError(h, 402, "Invalid Args");
+@@ -1841,6 +1841,13 @@ GetOutboundPinholeTimeout(struct upnphttp * h, const c
+ rem_host = GetValueFromNameValueList(&data, "RemoteHost");
+ rem_port = GetValueFromNameValueList(&data, "RemotePort");
+ protocol = GetValueFromNameValueList(&data, "Protocol");
++
++ if (!int_port || !rem_port || !protocol)
++ {
++ ClearNameValueList(&data);
++ SoapError(h, 402, "Invalid Args");
++ return;
++ }
+
+ rport = (unsigned short)atoi(rem_port);
+ iport = (unsigned short)atoi(int_port);
