storm/minidlna
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix various potential illegal access and memory leaks in error conditions.

Browse Source
This commit is contained in:
Justin Maggard 2014-04-07 11:20:19 -07:00
parent 6e43ab3c06
commit d492b43ef8
10 changed files with 34 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
albumart.c
View File

@ -41,11 +41,9 @@
static int static int
art_cache_exists(const char *orig_path, char **cache_file) art_cache_exists(const char *orig_path, char **cache_file)
{ {
if( asprintf(cache_file, "%s/art_cache%s", db_path, orig_path) < 0 ) if( xasprintf(cache_file, "%s/art_cache%s", db_path, orig_path) < 0 )
{
*cache_file = NULL;
return 0; return 0;
}
strcpy(strchr(*cache_file, '\0')-4, ".jpg"); strcpy(strchr(*cache_file, '\0')-4, ".jpg");
return (!access(*cache_file, F_OK)); return (!access(*cache_file, F_OK));

7
getifaddr.c
View File

@ -63,6 +63,7 @@
#include "upnpglobalvars.h" #include "upnpglobalvars.h"
#include "getifaddr.h" #include "getifaddr.h"
#include "minissdp.h" #include "minissdp.h"
#include "utils.h"
#include "log.h" #include "log.h"
static int static int
@ -227,11 +228,14 @@ getsyshwaddr(char *buf, int len)
ifaces = if_nameindex(); ifaces = if_nameindex();
if (!ifaces) if (!ifaces)
{
close(fd);
return ret; return ret;
}
for (if_idx = ifaces; if_idx->if_index; if_idx++) for (if_idx = ifaces; if_idx->if_index; if_idx++)
{ {
strncpy(ifr.ifr_name, if_idx->if_name, IFNAMSIZ); strncpyt(ifr.ifr_name, if_idx->if_name, IFNAMSIZ);
if (ioctl(fd, SIOCGIFFLAGS, &ifr) < 0) if (ioctl(fd, SIOCGIFFLAGS, &ifr) < 0)
continue; continue;
if (ifr.ifr_ifru.ifru_flags & IFF_LOOPBACK) if (ifr.ifr_ifru.ifru_flags & IFF_LOOPBACK)
@ -356,6 +360,7 @@ OpenAndConfMonitorSocket(void)
if (ret < 0) if (ret < 0)
{ {
perror("couldn't bind"); perror("couldn't bind");
close(s);
return -1; return -1;
} }

3
inotify.c
View File

@ -690,6 +690,7 @@ start_inotify()
else else
{ {
length = read(pollfds[0].fd, buffer, BUF_LEN); length = read(pollfds[0].fd, buffer, BUF_LEN);
buffer[BUF_LEN-1] = '\0';
} }
i = 0; i = 0;
@ -704,7 +705,7 @@ start_inotify()
continue; continue;
} }
esc_name = modifyString(strdup(event->name), "&", "&amp;amp;"); esc_name = modifyString(strdup(event->name), "&", "&amp;amp;");
sprintf(path_buf, "%s/%s", get_path_from_wd(event->wd), event->name); snprintf(path_buf, sizeof(path_buf), "%s/%s", get_path_from_wd(event->wd), event->name);
if ( event->mask & IN_ISDIR && (event->mask & (IN_CREATE|IN_MOVED_TO)) ) if ( event->mask & IN_ISDIR && (event->mask & (IN_CREATE|IN_MOVED_TO)) )
{ {
DPRINTF(E_DEBUG, L_INOTIFY, "The directory %s was %s.\n", DPRINTF(E_DEBUG, L_INOTIFY, "The directory %s was %s.\n",

2
minissdp.c
View File

@ -772,7 +772,7 @@ SubmitServicesToMiniSSDPD(const char *host, unsigned short port)
return -1; return -1;
} }
addr.sun_family = AF_UNIX; addr.sun_family = AF_UNIX;
strncpy(addr.sun_path, minissdpdsocketpath, sizeof(addr.sun_path)); strncpyt(addr.sun_path, minissdpdsocketpath, sizeof(addr.sun_path));
if (connect(s, (struct sockaddr *)&addr, sizeof(struct sockaddr_un)) < 0) if (connect(s, (struct sockaddr *)&addr, sizeof(struct sockaddr_un)) < 0)
{ {
DPRINTF(E_ERROR, L_SSDP, "connect(\"%s\"): %s", DPRINTF(E_ERROR, L_SSDP, "connect(\"%s\"): %s",

6
playlist.c
View File

@ -44,7 +44,7 @@ insert_playlist(const char * path, char * name)
int items = 0, matches, ret; int items = 0, matches, ret;
char type[4]; char type[4];
strncpy(type, strrchr(name, '.')+1, 4); strncpyt(type, strrchr(name, '.')+1, 4);
if( start_plist(path, NULL, &file, NULL, type) != 0 ) if( start_plist(path, NULL, &file, NULL, type) != 0 )
{ {
@ -109,7 +109,7 @@ gen_dir_hash(const char *path)
} }
int int
fill_playlists() fill_playlists(void)
{ {
int rows, i, found, len; int rows, i, found, len;
char **result; char **result;
@ -138,7 +138,7 @@ fill_playlists()
last_dir = NULL; last_dir = NULL;
last_hash = 0; last_hash = 0;
strncpy(type, strrchr(plpath, '.')+1, 4); strncpyt(type, strrchr(plpath, '.')+1, 4);
if( start_plist(plpath, NULL, &file, NULL, type) != 0 ) if( start_plist(plpath, NULL, &file, NULL, type) != 0 )
continue; continue;

2
tagutils/tagutils-aac.c
View File

@ -103,11 +103,11 @@ _get_aactags(char *file, struct song_metadata *psong)
len = 22; len = 22;
current_data = (char*)malloc(len); // extra byte current_data = (char*)malloc(len); // extra byte
memset(current_data, 0x00, len);
if(fread(current_data, 1, current_size - 8, fin) != current_size - 8) if(fread(current_data, 1, current_size - 8, fin) != current_size - 8)
break; break;
current_data[len-1] = '\0';
if(!memcmp(current_atom, "\xA9" "nam", 4)) if(!memcmp(current_atom, "\xA9" "nam", 4))
psong->title = strdup((char*)&current_data[16]); psong->title = strdup((char*)&current_data[16]);
else if(!memcmp(current_atom, "\xA9" "ART", 4) || else if(!memcmp(current_atom, "\xA9" "ART", 4) ||

6
tagutils/tagutils-asf.c
View File

@ -226,6 +226,8 @@ _asf_read_media_stream(FILE *fp, struct song_metadata *psong, uint32_t size)
if(len > size) if(len > size)
len = size; len = size;
memset(&s, 0, sizeof(s));
if(len != fread(&s.MajorType, 1, len, fp)) if(len != fread(&s.MajorType, 1, len, fp))
return -1; return -1;
@ -257,6 +259,8 @@ _asf_read_stream_object(FILE *fp, struct song_metadata *psong, uint32_t size)
if(size < len) if(size < len)
return -1; return -1;
memset(&s, 0, sizeof(s));
if(len != fread(&s.StreamType, 1, len, fp)) if(len != fread(&s.StreamType, 1, len, fp))
return -1; return -1;
@ -285,6 +289,8 @@ _asf_read_extended_stream_object(FILE *fp, struct song_metadata *psong, uint32_t
if(size < sizeof(asf_extended_stream_object_t)) if(size < sizeof(asf_extended_stream_object_t))
return -1; return -1;
memset(&xs, 0, sizeof(xs));
len = sizeof(xs) - offsetof(asf_extended_stream_object_t, StartTime); len = sizeof(xs) - offsetof(asf_extended_stream_object_t, StartTime);
if(len != fread(&xs.StartTime, 1, len, fp)) if(len != fread(&xs.StartTime, 1, len, fp))
return -1; return -1;

3
upnpevents.c
View File

@ -67,6 +67,7 @@
#include "upnpglobalvars.h" #include "upnpglobalvars.h"
#include "upnpdescgen.h" #include "upnpdescgen.h"
#include "uuid.h" #include "uuid.h"
#include "utils.h"
#include "log.h" #include "log.h"
/* stuctures definitions */ /* stuctures definitions */
@ -130,7 +131,7 @@ newSubscriber(const char * eventurl, const char * callback, int callbacklen)
memcpy(tmp->callback, callback, callbacklen); memcpy(tmp->callback, callback, callbacklen);
tmp->callback[callbacklen] = '\0'; tmp->callback[callbacklen] = '\0';
/* make a dummy uuid */ /* make a dummy uuid */
strncpy(tmp->uuid, uuidvalue, sizeof(tmp->uuid)); strncpyt(tmp->uuid, uuidvalue, sizeof(tmp->uuid));
if( get_uuid_string(tmp->uuid+5) != 0 ) if( get_uuid_string(tmp->uuid+5) != 0 )
{ {
tmp->uuid[sizeof(tmp->uuid)-1] = '\0'; tmp->uuid[sizeof(tmp->uuid)-1] = '\0';

3
upnphttp.c
View File

@ -1068,7 +1068,7 @@ Process_upnphttp(struct upnphttp * h)
break; break;
case 1: case 1:
case 2: case 2:
n = recv(h->socket, buf, 2048, 0); n = recv(h->socket, buf, sizeof(buf), 0);
if(n < 0) if(n < 0)
{ {
DPRINTF(E_ERROR, L_HTTP, "recv (state%d): %s\n", h->state, strerror(errno)); DPRINTF(E_ERROR, L_HTTP, "recv (state%d): %s\n", h->state, strerror(errno));
@ -1081,6 +1081,7 @@ Process_upnphttp(struct upnphttp * h)
} }
else else
{ {
buf[sizeof(buf)-1] = '\0';
/*fwrite(buf, 1, n, stdout);*/ /* debug */ /*fwrite(buf, 1, n, stdout);*/ /* debug */
h->req_buf = (char *)realloc(h->req_buf, n + h->req_buflen); h->req_buf = (char *)realloc(h->req_buf, n + h->req_buflen);
memcpy(h->req_buf + h->req_buflen, buf, n); memcpy(h->req_buf + h->req_buflen, buf, n);

9
upnpsoap.c
View File

@ -518,7 +518,7 @@ parse_sort_criteria(char *sortCriteria, int *error)
if( force_sort_criteria ) if( force_sort_criteria )
sortCriteria = strdup(force_sort_criteria); sortCriteria = strdup(force_sort_criteria);
else if( !sortCriteria ) if( !sortCriteria )
return NULL; return NULL;
if( (item = strtok_r(sortCriteria, ",", &saveptr)) ) if( (item = strtok_r(sortCriteria, ",", &saveptr)) )
@ -1238,21 +1238,22 @@ BrowseContentDirectory(struct upnphttp * h, const char * action)
if( strncmp(ObjectID, MUSIC_PLIST_ID, strlen(MUSIC_PLIST_ID)) == 0 ) if( strncmp(ObjectID, MUSIC_PLIST_ID, strlen(MUSIC_PLIST_ID)) == 0 )
{ {
if( strcmp(ObjectID, MUSIC_PLIST_ID) == 0 ) if( strcmp(ObjectID, MUSIC_PLIST_ID) == 0 )
ret = asprintf(&orderBy, "order by d.TITLE"); ret = xasprintf(&orderBy, "order by d.TITLE");
else else
ret = asprintf(&orderBy, "order by length(OBJECT_ID), OBJECT_ID"); ret = xasprintf(&orderBy, "order by length(OBJECT_ID), OBJECT_ID");
} }
else if( args.flags & FLAG_FORCE_SORT ) else if( args.flags & FLAG_FORCE_SORT )
{ {
#ifdef __sparc__ #ifdef __sparc__
if( totalMatches < 10000 ) if( totalMatches < 10000 )
#endif #endif
ret = asprintf(&orderBy, "order by o.CLASS, d.DISC, d.TRACK, d.TITLE"); ret = xasprintf(&orderBy, "order by o.CLASS, d.DISC, d.TRACK, d.TITLE");
} }
else else
orderBy = parse_sort_criteria(SortCriteria, &ret); orderBy = parse_sort_criteria(SortCriteria, &ret);
if( ret == -1 ) if( ret == -1 )
{ {
free(orderBy);
orderBy = NULL; orderBy = NULL;
ret = 0; ret = 0;
} }