brunokeymolen / upnpx

Open Source Mac OS X / iOS Cocoa UPnP Stack
https://code.google.com/archive/p/upnpx/

1.2.4 bug upnp event headerlength parse error in httpsession.cpp #11

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Hi programmer,
I found a bug and fixed it in httpsession.cpp, see the following:

       ++memset(&sessionBuf[currentFillLength], 0, sessionBufLen - currentFillLength);//which i fix
       ++memcpy(&sessionBuf[currentFillLength], buf, len);//which i fix
       if(firstData){
        --ret = ParseHeader(buf, len);
               ++ ret = ParseHeader((unsigned char*)&sessionBuf[currentFillLength], len); //which i fix
        if(ret < 0){
            return ret;
        }
    }
    firstData = false;

    ++currentFillLength = currentFillLength + len; //which i fix
    --memcpy(&sessionBuf[currentFillLength], buf, len);
    --currentFillLength = currentFillLength + len;

This code will parse a wrong header length, which leads to the following event
para losing its first "<", because the receive buffer is not cleaned correctly, so
I copy the buf to the cleaned session buffer and parse there. This will fix it.
Cleaning the socket receive buffer can also fix this.

br
linn song 

Original issue reported on code.google.com by linn.lin...@gmail.com on 17 Jun 2012 at 6:26