From f3d9805d7b8cd6382f3bc5624b59e56f55ab9a31 Mon Sep 17 00:00:00 2001
From: Justin Maggard
Date: Fri, 9 Oct 2009 01:13:07 +0000
Subject: [PATCH] * Fix a potential buffer overflow in ProcessSSDPRequest().
---
 minissdp.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/minissdp.c b/minissdp.c
index b661893..a39b0fd 100644
--- a/minissdp.c
+++ b/minissdp.c
@@ -354,10 +354,10 @@ ProcessSSDPRequest(int s, unsigned short port)
 }
 while(i < n)
 {
- while(bufr[i] != '\r' || bufr[i+1] != '\n')
+ while((i < n - 1) && (bufr[i] != '\r' || bufr[i+1] != '\n'))
 i++;
 i += 2;
- if(strncasecmp(bufr+i, "ST:", 3) == 0)
+ if((i < n - 3) && (strncasecmp(bufr+i, "ST:", 3) == 0))
 {
 st = bufr+i+3;
 st_len = 0;
@@ -397,7 +397,7 @@ ProcessSSDPRequest(int s, unsigned short port)
 DPRINTF(E_INFO, L_SSDP, "WARNING: Ignoring invalid SSDP M-SEARCH from %s [bad MX header %.*s]\n",
 inet_ntoa(sendername.sin_addr), mx_len, mx);
 }
- else if( st )
+ else if( st && (st_len > 0) )
 {
 DPRINTF(E_INFO, L_SSDP, "SSDP M-SEARCH from %s:%d ST: %.*s, MX: %.*s, MAN: %.*s\n",
 inet_ntoa(sendername.sin_addr),
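Review bot: The new `(i < n - 3)` guard covers only the `ST:` prefix compare; the value scan that starts at `st = bufr+i+3; st_len = 0;` continues outside this hunk, and if it advances until it meets `\r` or `\n` without also checking the remaining length, a datagram with an unterminated ST line can still be read past the `n` received bytes. Bounding that scan by the bytes left, e.g. `while(st + st_len < bufr + n && st[st_len] != '\r' && st[st_len] != '\n') st_len++;`, would close it, and any sibling header compares in the same loop probably need the same `i < n - 3` condition. The declarations of `i` and `n` are not visible here, so it is worth confirming both are signed; with an unsigned `n`, `n - 3` would wrap for very short packets and the guard would always pass.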
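Review bot: With `st && (st_len > 0)` an M-SEARCH whose ST header is present but empty no longer matches this branch, and unless a trailing `else` exists outside the hunk it is now dropped without any log line, unlike the bad-MX case just above. A short comment on the condition, such as `/* empty ST value: nothing to match, do not answer */`, would record why the length test is there. A final `else` that logs the sender in the same style as the MX warning would keep malformed probes visible to whoever reads the logs. The branch body continues past the end of the hunk.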