* Fix a potential buffer overflow in ProcessSSDPRequest().

2009-10-09 01:13:07 +00:00 · 2009-10-09 01:13:07 +00:00 · f3d9805d7b
commit f3d9805d7b
parent 9ac3e78991
1 changed files with 3 additions and 3 deletions
--- a/minissdp.c
+++ b/minissdp.c
@ -354,10 +354,10 @@ ProcessSSDPRequest(int s, unsigned short port)
 		}
 		while(i < n)
 		{
-			while(bufr[i] != '\r' || bufr[i+1] != '\n')
+			while((i < n - 1) && (bufr[i] != '\r' || bufr[i+1] != '\n'))
 				i++;
 			i += 2;
-			if(strncasecmp(bufr+i, "ST:", 3) == 0)
+			if((i < n - 3) && (strncasecmp(bufr+i, "ST:", 3) == 0))
 			{
 				st = bufr+i+3;
 				st_len = 0;
@ -397,7 +397,7 @@ ProcessSSDPRequest(int s, unsigned short port)
 			DPRINTF(E_INFO, L_SSDP, "WARNING: Ignoring invalid SSDP M-SEARCH from %s [bad MX header %.*s]\n",
 			   inet_ntoa(sendername.sin_addr), mx_len, mx);
 		}
-		else if( st )
+		else if( st && (st_len > 0) )
 		{
 			DPRINTF(E_INFO, L_SSDP, "SSDP M-SEARCH from %s:%d ST: %.*s, MX: %.*s, MAN: %.*s\n",
 	        	   inet_ntoa(sendername.sin_addr),