Package: libupnp
Severity: important

When using the UpnpSendActionAsync method (and possibly other Async
methods), the SDK stores the URL for the action in a struct
UpnpNonblockParam. This has a fixed length array for storing the action
URL of 100 characters. Some UPNP servers routinely generate control URLs 
longer than 100 characters:

http://192.168.0.1:2869/upnphost/udhisapi.dll?control=uuid:xxxxxxxx-b4cb-41ac-827d-xxxxxxxxxxxx+urn:upnp-org:serviceId:ContentDirectory

At src/api/upnpapi.c:2694, the SDK then proceeds to strcpy the control
URL to the Param struct, resulting in stack-overwritey-badness.

I might end up having to fix this, and if so will e-mail the package
maintainer any patch I generate. For a temporary fix, increase NAME_SIZE
in inc/upnp.h.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13-skas3-v9-pre7
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8
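
Added example, not part of the original report and not libupnp code: the unbounded copy described above next to a length-checked variant, run against a control URL of the shape quoted in the report. NAME_SIZE (100) and the URL shape come from the report; struct demo_param, both function names and the 0/-1 return codes are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define NAME_SIZE 100 /* array size quoted in the report */

/* Hypothetical stand-in for the SDK's parameter struct (URL field only). */
struct demo_param {
    char url[NAME_SIZE];
};

/* The pattern the report describes: an unbounded copy into the fixed
 * array. Kept for contrast only; nothing in this example calls it. */
void set_url_unchecked(struct demo_param *p, const char *action_url)
{
    strcpy(p->url, action_url); /* writes past url[] when length >= NAME_SIZE */
}

/* Bounded variant: returns 0 on success, -1 if the URL does not fit.
 * It rejects instead of truncating, because a cut-off control URL would
 * address a different endpoint. On failure p->url is left untouched. */
int set_url_checked(struct demo_param *p, const char *action_url)
{
    size_t len;

    if (p == NULL || action_url == NULL)
        return -1;
    len = strlen(action_url);
    if (len >= sizeof p->url) /* need room for the terminating NUL */
        return -1;
    memcpy(p->url, action_url, len + 1);
    return 0;
}

/* Control URL of the shape shown in the report (135 characters). */
static const char LONG_URL[] =
    "http://192.168.0.1:2869/upnphost/udhisapi.dll?control=uuid:"
    "xxxxxxxx-b4cb-41ac-827d-xxxxxxxxxxxx+urn:upnp-org:serviceId:"
    "ContentDirectory";

int main(void)
{
    struct demo_param p = { "" };

    printf("long URL (%zu chars): %d\n", strlen(LONG_URL),
           set_url_checked(&p, LONG_URL));
    /* Constructed short URL that fits in NAME_SIZE. */
    printf("short URL: %d\n", set_url_checked(&p, "http://192.168.0.1:2869/ctl"));
    return 0;
}
```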

