[arch-commits] Commit in libupnp/trunk (PKGBUILD segfault_http_makemessage.patch)

Tue Jan 9 20:16:45 UTC 2018

Date: Tuesday, January 9, 2018 @ 20:16:44
  Author: jelle
Revision: 314302

FS#56979

Fix segfault in http_MakeMessage

Added:
  libupnp/trunk/segfault_http_makemessage.patch
Modified:
  libupnp/trunk/PKGBUILD

---------------------------------+
 PKGBUILD                        |   13 ++++++++--
 segfault_http_makemessage.patch |   45 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 3 deletions(-)

Modified: PKGBUILD
===================================================================

--- PKGBUILD	2018-01-09 18:32:26 UTC (rev 314301)
+++ PKGBUILD	2018-01-09 20:16:44 UTC (rev 314302)
@@ -4,7 +4,7 @@
 
 pkgname=libupnp
 pkgver=1.6.24
-pkgrel=1
+pkgrel=2
 pkgdesc="Portable Open Source UPnP Development Kit"
 arch=('x86_64')
 url="http://pupnp.sourceforge.net/"
@@ -11,9 +11,16 @@
 license=('BSD')
 depends=('glibc')
 makedepends=('pkgconfig')
-source=("http://downloads.sourceforge.net/sourceforge/pupnp/${pkgname}-${pkgver}.tar.bz2")
-md5sums=('c5f4a3b674741d85ef29258841ccd540')
+source=("http://downloads.sourceforge.net/sourceforge/pupnp/${pkgname}-${pkgver}.tar.bz2"
+        "segfault_http_makemessage.patch")
+md5sums=('c5f4a3b674741d85ef29258841ccd540'
+         'b5ab030107cadfb307dc1b809b7a5fe3')
 
+prepare() {
+  cd "${srcdir}/${pkgname}-${pkgver}"
+  patch -Np1 -i $srcdir/segfault_http_makemessage.patch
+}
+
 build() {
   cd "${srcdir}/${pkgname}-${pkgver}"
 

Added: segfault_http_makemessage.patch
===================================================================
--- segfault_http_makemessage.patch	                        (rev 0)
+++ segfault_http_makemessage.patch	2018-01-09 20:16:44 UTC (rev 314302)
@@ -0,0 +1,45 @@
+From 70e3d626378e12ea50d76dfda50311c8bb4a2a78 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=B6rg=20Krause?= <joerg.krause at embedded.rocks>
+Date: Tue, 5 Dec 2017 11:29:44 +0100
+Subject: [PATCH] Fix segmentation fault in http_MakeMessage
+
+When upmpdcli is linked with libupnp 1.6.24 it fails with an
+segmentation fault, but linking with libupnp worked just fine.
+
+git bisect shows that commit 9c2e8ec8a0291ebe81959009e2f78edbdb47ced5 is
+the bad one as the variable `extras` is not properly checked before
+attempting to used it as a pointer.
+
+Asure `extras` is not Null before using it.
+---
+ upnp/src/genlib/net/http/httpreadwrite.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/upnp/src/genlib/net/http/httpreadwrite.c b/upnp/src/genlib/net/http/httpreadwrite.c
+index 68cd4baa..57ab8051 100644
+--- a/upnp/src/genlib/net/http/httpreadwrite.c
++++ b/upnp/src/genlib/net/http/httpreadwrite.c
+@@ -1662,14 +1662,16 @@ int http_MakeMessage(membuffer *buf, int http_major_version,
+ 			struct Extra_Headers *extras;
+ 			/* array of extra headers */
+ 			extras = (struct Extra_Headers *) va_arg(argp, struct Extra_Headers *);
+-			while (extras->name) {
+-				if (extras->resp) {
+-					if (membuffer_append(buf, extras->resp, strlen(extras->resp)))
+-						goto error_handler;
+-					if (membuffer_append(buf, "\r\n", (size_t)2))
+-						goto error_handler;
++			if (extras) {
++				while (extras->name) {
++					if (extras->resp) {
++						if (membuffer_append(buf, extras->resp, strlen(extras->resp)))
++							goto error_handler;
++						if (membuffer_append(buf, "\r\n", (size_t)2))
++							goto error_handler;
++					}
++					extras++;
+ 				}
+-				extras++;
+ 			}
+ 		}
+ 		if (c == 's') {

