Fix various potential illegal access and memory leaks in error conditions.
parent
6e43ab3c06
commit
d492b43ef8
@ -41,11 +41,9 @@
|
||||
static int
|
||||
art_cache_exists(const char *orig_path, char **cache_file)
|
||||
{
|
||||
if( asprintf(cache_file, "%s/art_cache%s", db_path, orig_path) < 0 )
|
||||
{
|
||||
*cache_file = NULL;
|
||||
if( xasprintf(cache_file, "%s/art_cache%s", db_path, orig_path) < 0 )
|
||||
return 0;
|
||||
}
|
||||
|
||||
strcpy(strchr(*cache_file, '\0')-4, ".jpg");
|
||||
|
||||
return (!access(*cache_file, F_OK));
|
||||
|
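Review bot: The failure path of art_cache_exists no longer resets `*cache_file` itself, so what the caller sees after a 0 return depends on what `xasprintf` leaves in the pointer, and that helper's definition is not part of this page. If callers free or test the pointer after a failed lookup, either keep the explicit assignment or state the contract at the call site, for example `/* xasprintf() leaves *cache_file NULL on failure */`, once that has been confirmed against the helper. The function's closing brace is outside the hunk.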
@ -63,6 +63,7 @@
|
||||
#include "upnpglobalvars.h"
|
||||
#include "getifaddr.h"
|
||||
#include "minissdp.h"
|
||||
#include "utils.h"
|
||||
#include "log.h"
|
||||
|
||||
static int
|
||||
@ -227,11 +228,14 @@ getsyshwaddr(char *buf, int len)
|
||||
|
||||
ifaces = if_nameindex();
|
||||
if (!ifaces)
|
||||
{
|
||||
close(fd);
|
||||
return ret;
|
||||
}
|
||||
|
||||
for (if_idx = ifaces; if_idx->if_index; if_idx++)
|
||||
{
|
||||
strncpy(ifr.ifr_name, if_idx->if_name, IFNAMSIZ);
|
||||
strncpyt(ifr.ifr_name, if_idx->if_name, IFNAMSIZ);
|
||||
if (ioctl(fd, SIOCGIFFLAGS, &ifr) < 0)
|
||||
continue;
|
||||
if (ifr.ifr_ifru.ifru_flags & IFF_LOOPBACK)
|
||||
@ -356,6 +360,7 @@ OpenAndConfMonitorSocket(void)
|
||||
if (ret < 0)
|
||||
{
|
||||
perror("couldn't bind");
|
||||
close(s);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
@ -689,7 +689,8 @@ start_inotify()
|
||||
}
|
||||
else
|
||||
{
|
||||
length = read(pollfds[0].fd, buffer, BUF_LEN);
|
||||
length = read(pollfds[0].fd, buffer, BUF_LEN);
|
||||
buffer[BUF_LEN-1] = '\0';
|
||||
}
|
||||
|
||||
i = 0;
|
||||
@ -704,7 +705,7 @@ start_inotify()
|
||||
continue;
|
||||
}
|
||||
esc_name = modifyString(strdup(event->name), "&", "&amp;");
|
||||
sprintf(path_buf, "%s/%s", get_path_from_wd(event->wd), event->name);
|
||||
snprintf(path_buf, sizeof(path_buf), "%s/%s", get_path_from_wd(event->wd), event->name);
|
||||
if ( event->mask & IN_ISDIR && (event->mask & (IN_CREATE|IN_MOVED_TO)) )
|
||||
{
|
||||
DPRINTF(E_DEBUG, L_INOTIFY, "The directory %s was %s.\n",
|
||||
|
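Review bot: The terminator written to `buffer[BUF_LEN-1]` in start_inotify does not depend on `length`, so after a short read the bytes between `length` and the end of the buffer are left over from an earlier read, and a failed read (`length < 0`) is not handled in the lines shown. The event walk that starts at `i = 0;` should be bounded by `length` and skipped on failure, for example `if( length <= 0 ) continue;` if this code sits directly inside the poll loop; that loop is outside the hunk. In the second hunk the `snprintf` return value is not compared with `sizeof(path_buf)`, so a truncated path would be handled as if it were the real one.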
@ -772,7 +772,7 @@ SubmitServicesToMiniSSDPD(const char *host, unsigned short port)
|
||||
return -1;
|
||||
}
|
||||
addr.sun_family = AF_UNIX;
|
||||
strncpy(addr.sun_path, minissdpdsocketpath, sizeof(addr.sun_path));
|
||||
strncpyt(addr.sun_path, minissdpdsocketpath, sizeof(addr.sun_path));
|
||||
if (connect(s, (struct sockaddr *)&addr, sizeof(struct sockaddr_un)) < 0)
|
||||
{
|
||||
DPRINTF(E_ERROR, L_SSDP, "connect(\"%s\"): %s",
|
||||
|
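Review bot: An over-long `minissdpdsocketpath` is shortened to fit `addr.sun_path` instead of being rejected in SubmitServicesToMiniSSDPD, assuming `strncpyt` truncates and terminates (its definition is not on this page). `connect()` would then target a different filesystem path from the configured one. A length check before the copy avoids that: `if( strlen(minissdpdsocketpath) >= sizeof(addr.sun_path) ) { close(s); return -1; }`. The function starts and ends outside the hunk, so the exact cleanup should follow whatever the other error paths there do.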
@ -44,7 +44,7 @@ insert_playlist(const char * path, char * name)
|
||||
int items = 0, matches, ret;
|
||||
char type[4];
|
||||
|
||||
strncpy(type, strrchr(name, '.')+1, 4);
|
||||
strncpyt(type, strrchr(name, '.')+1, 4);
|
||||
|
||||
if( start_plist(path, NULL, &file, NULL, type) != 0 )
|
||||
{
|
||||
@ -109,7 +109,7 @@ gen_dir_hash(const char *path)
|
||||
}
|
||||
|
||||
int
|
||||
fill_playlists()
|
||||
fill_playlists(void)
|
||||
{
|
||||
int rows, i, found, len;
|
||||
char **result;
|
||||
@ -138,7 +138,7 @@ fill_playlists()
|
||||
last_dir = NULL;
|
||||
last_hash = 0;
|
||||
|
||||
strncpy(type, strrchr(plpath, '.')+1, 4);
|
||||
strncpyt(type, strrchr(plpath, '.')+1, 4);
|
||||
|
||||
if( start_plist(plpath, NULL, &file, NULL, type) != 0 )
|
||||
continue;
|
||||
|
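Review bot: `strrchr(name, '.')` returns NULL when the name has no dot, and in insert_playlist the expression `strrchr(name, '.')+1` is passed to `strncpyt` as the source without a check. The same pattern on `plpath` in fill_playlists has the same problem. Unless every caller guarantees an extension, which is not visible here, test the result first, e.g. `ext = strrchr(name, '.'); if( !ext ) return -1;`, and copy from `ext+1`. In fill_playlists the equivalent reaction is `continue`, as the following `start_plist` check already does.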
@ -103,11 +103,11 @@ _get_aactags(char *file, struct song_metadata *psong)
|
||||
len = 22;
|
||||
|
||||
current_data = (char*)malloc(len); // extra byte
|
||||
memset(current_data, 0x00, len);
|
||||
|
||||
if(fread(current_data, 1, current_size - 8, fin) != current_size - 8)
|
||||
break;
|
||||
|
||||
current_data[len-1] = '\0';
|
||||
if(!memcmp(current_atom, "\xA9" "nam", 4))
|
||||
psong->title = strdup((char*)¤t_data[16]);
|
||||
else if(!memcmp(current_atom, "\xA9" "ART", 4) ||
|
||||
|
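Review bot: The `malloc(len)` result in _get_aactags is used by `fread` and by `current_data[len-1] = '\0'` without a NULL check. Only the final byte is terminated, so if the `memset` line is the one this change drops, any bytes between the `current_size - 8` bytes read and `len-1` are indeterminate when `&current_data[16]` is passed to `strdup`. Allocating zeroed memory and checking it covers both: `current_data = calloc(1, len);` followed by `if( !current_data ) break;`. Whether `current_data` is released after the `break` on a short `fread` is outside the hunk and worth confirming, since the file contents are untrusted input.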
@ -226,6 +226,8 @@ _asf_read_media_stream(FILE *fp, struct song_metadata *psong, uint32_t size)
|
||||
if(len > size)
|
||||
len = size;
|
||||
|
||||
memset(&s, 0, sizeof(s));
|
||||
|
||||
if(len != fread(&s.MajorType, 1, len, fp))
|
||||
return -1;
|
||||
|
||||
@ -257,6 +259,8 @@ _asf_read_stream_object(FILE *fp, struct song_metadata *psong, uint32_t size)
|
||||
if(size < len)
|
||||
return -1;
|
||||
|
||||
memset(&s, 0, sizeof(s));
|
||||
|
||||
if(len != fread(&s.StreamType, 1, len, fp))
|
||||
return -1;
|
||||
|
||||
@ -285,6 +289,8 @@ _asf_read_extended_stream_object(FILE *fp, struct song_metadata *psong, uint32_t
|
||||
if(size < sizeof(asf_extended_stream_object_t))
|
||||
return -1;
|
||||
|
||||
memset(&xs, 0, sizeof(xs));
|
||||
|
||||
len = sizeof(xs) - offsetof(asf_extended_stream_object_t, StartTime);
|
||||
if(len != fread(&xs.StartTime, 1, len, fp))
|
||||
return -1;
|
||||
|
@ -67,6 +67,7 @@
|
||||
#include "upnpglobalvars.h"
|
||||
#include "upnpdescgen.h"
|
||||
#include "uuid.h"
|
||||
#include "utils.h"
|
||||
#include "log.h"
|
||||
|
||||
/* stuctures definitions */
|
||||
@ -130,7 +131,7 @@ newSubscriber(const char * eventurl, const char * callback, int callbacklen)
|
||||
memcpy(tmp->callback, callback, callbacklen);
|
||||
tmp->callback[callbacklen] = '\0';
|
||||
/* make a dummy uuid */
|
||||
strncpy(tmp->uuid, uuidvalue, sizeof(tmp->uuid));
|
||||
strncpyt(tmp->uuid, uuidvalue, sizeof(tmp->uuid));
|
||||
if( get_uuid_string(tmp->uuid+5) != 0 )
|
||||
{
|
||||
tmp->uuid[sizeof(tmp->uuid)-1] = '\0';
|
||||
|
@ -1068,19 +1068,20 @@ Process_upnphttp(struct upnphttp * h)
|
||||
break;
|
||||
case 1:
|
||||
case 2:
|
||||
n = recv(h->socket, buf, 2048, 0);
|
||||
if(n<0)
|
||||
n = recv(h->socket, buf, sizeof(buf), 0);
|
||||
if(n < 0)
|
||||
{
|
||||
DPRINTF(E_ERROR, L_HTTP, "recv (state%d): %s\n", h->state, strerror(errno));
|
||||
h->state = 100;
|
||||
}
|
||||
else if(n==0)
|
||||
else if(n == 0)
|
||||
{
|
||||
DPRINTF(E_WARN, L_HTTP, "HTTP Connection closed unexpectedly\n");
|
||||
h->state = 100;
|
||||
}
|
||||
else
|
||||
{
|
||||
buf[sizeof(buf)-1] = '\0';
|
||||
/*fwrite(buf, 1, n, stdout);*/ /* debug */
|
||||
h->req_buf = (char *)realloc(h->req_buf, n + h->req_buflen);
|
||||
memcpy(h->req_buf + h->req_buflen, buf, n);
|
||||
|
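Review bot: Writing `buf[sizeof(buf)-1] = '\0'` after `recv(h->socket, buf, sizeof(buf), 0)` in Process_upnphttp replaces the last received byte with NUL whenever the read fills the buffer, and that altered byte is then copied into `h->req_buf` by the `memcpy` of `n` bytes. When the read is shorter, the terminator sits after stale stack contents rather than at the end of the data. Receiving at most `sizeof(buf)-1` bytes and terminating at `buf[n]` fixes both. The `realloc` result is also assigned straight to `h->req_buf` with no NULL check, so an allocation failure loses the old buffer and the `memcpy` writes through NULL. The case body continues outside the hunk, so the `break` below assumes it leaves the enclosing `switch`.

```c
n = recv(h->socket, buf, sizeof(buf) - 1, 0);
/* … unchanged: n < 0 and n == 0 handling … */
else
{
	char *grown;

	buf[n] = '\0';
	grown = realloc(h->req_buf, n + h->req_buflen);
	if( !grown )
	{
		DPRINTF(E_ERROR, L_HTTP, "realloc failed for request buffer\n");
		h->state = 100;
		break;
	}
	h->req_buf = grown;
	memcpy(h->req_buf + h->req_buflen, buf, n);
```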
11
upnpsoap.c
11
upnpsoap.c
@ -518,7 +518,7 @@ parse_sort_criteria(char *sortCriteria, int *error)
|
||||
|
||||
if( force_sort_criteria )
|
||||
sortCriteria = strdup(force_sort_criteria);
|
||||
else if( !sortCriteria )
|
||||
if( !sortCriteria )
|
||||
return NULL;
|
||||
|
||||
if( (item = strtok_r(sortCriteria, ",", &saveptr)) )
|
||||
@ -529,7 +529,7 @@ parse_sort_criteria(char *sortCriteria, int *error)
|
||||
str.off = 0;
|
||||
strcatf(&str, "order by ");
|
||||
}
|
||||
for( i=0; item != NULL; i++ )
|
||||
for( i = 0; item != NULL; i++ )
|
||||
{
|
||||
reverse=0;
|
||||
if( i )
|
||||
@ -1238,21 +1238,22 @@ BrowseContentDirectory(struct upnphttp * h, const char * action)
|
||||
if( strncmp(ObjectID, MUSIC_PLIST_ID, strlen(MUSIC_PLIST_ID)) == 0 )
|
||||
{
|
||||
if( strcmp(ObjectID, MUSIC_PLIST_ID) == 0 )
|
||||
ret = asprintf(&orderBy, "order by d.TITLE");
|
||||
ret = xasprintf(&orderBy, "order by d.TITLE");
|
||||
else
|
||||
ret = asprintf(&orderBy, "order by length(OBJECT_ID), OBJECT_ID");
|
||||
ret = xasprintf(&orderBy, "order by length(OBJECT_ID), OBJECT_ID");
|
||||
}
|
||||
else if( args.flags & FLAG_FORCE_SORT )
|
||||
{
|
||||
#ifdef __sparc__
|
||||
if( totalMatches < 10000 )
|
||||
#endif
|
||||
ret = asprintf(&orderBy, "order by o.CLASS, d.DISC, d.TRACK, d.TITLE");
|
||||
ret = xasprintf(&orderBy, "order by o.CLASS, d.DISC, d.TRACK, d.TITLE");
|
||||
}
|
||||
else
|
||||
orderBy = parse_sort_criteria(SortCriteria, &ret);
|
||||
if( ret == -1 )
|
||||
{
|
||||
free(orderBy);
|
||||
orderBy = NULL;
|
||||
ret = 0;
|
||||
}
|
||||
|
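Review bot: `free(orderBy)` in the `ret == -1` block of BrowseContentDirectory is only safe if `orderBy` is NULL or a heap pointer on every path that reaches it. In the `FLAG_FORCE_SORT` branch on `__sparc__` builds with `totalMatches >= 10000`, neither `orderBy` nor `ret` is assigned, so the test reads whatever `ret` held before and the free acts on whatever `orderBy` held. Their initial values are outside the hunk. Setting `orderBy = NULL; ret = 0;` before the `if`/`else if` chain makes the cleanup independent of that. In parse_sort_criteria, the copy made by `strdup(force_sort_criteria)` needs a matching `free` on each return path, which the lines shown do not cover.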