Hello community,

here is the log from the commit of package openslp for openSUSE:Factory checked 
in at 2016-09-17 14:36:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openslp (Old)
 and      /work/SRC/openSUSE:Factory/.openslp.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "openslp"

Changes:
--------
--- /work/SRC/openSUSE:Factory/openslp/openslp.changes  2015-03-23 
12:14:25.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.openslp.new/openslp.changes     2016-09-17 
14:36:51.000000000 +0200
@@ -1,0 +2,17 @@
+Mon Sep 12 14:23:15 CEST 2016 - m...@suse.de
+
+- remove convenience code as changes bytes in the message
+  buffer breaking the verification code [bnc#994989]
+  new patch: openslp.noconvenience.diff
+- fix storage handling in predicate code, it clashed with gcc's
+  fortify_source extension [bnc#909195]
+  new patch: openslp.predicatestorage.diff
+- bring back allowDoubleEqualInPredicate option
+  new patch: openslp.doubleequal.diff
+- fix bug in openslp.initda.diff patch
+- fix rcopenslp helper
+- fix _xrealloc not checking the malloc return value
+  [bnc#980722] [CVE-2016-4912]
+  new patch: openslp.xrealloc.diff
+
+-------------------------------------------------------------------

New:
----
  openslp.doubleequal.diff
  openslp.noconvenience.diff
  openslp.predicatestorage.diff
  openslp.xrealloc.diff

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ openslp.spec ++++++
--- /var/tmp/diff_new_pack.LWW0j7/_old  2016-09-17 14:36:53.000000000 +0200
+++ /var/tmp/diff_new_pack.LWW0j7/_new  2016-09-17 14:36:53.000000000 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package openslp
 #
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -57,6 +57,10 @@
 Patch10:        openslp.tcplocal.diff
 Patch11:        openslp.localtime.diff
 Patch12:        openslp.sd_notify.diff
+Patch13:        openslp.predicatestorage.diff
+Patch14:        openslp.doubleequal.diff
+Patch15:        openslp.noconvenience.diff
+Patch16:        openslp.xrealloc.diff
 
 %description
 Service Location Protocol is an IETF standards track protocol that
@@ -121,6 +125,11 @@
 %if 0%{?has_systemd}
 %patch12
 %endif
+%patch13
+%patch14
+%patch15
+%patch16
+
 %build
 autoreconf -fiv
 %configure --disable-static --with-pic --enable-slpv1 \
@@ -148,7 +157,11 @@
    ${RPM_BUILD_ROOT}%_defaultdocdir/%name
 %if 0%{?has_systemd}
 ln -s %{_sbindir}/service ${RPM_BUILD_ROOT}/usr/sbin/rcslpd
-ln -s %{_sbindir}/service ${RPM_BUILD_ROOT}/usr/sbin/rcopenslp
+cat > ${RPM_BUILD_ROOT}/usr/sbin/rcopenslp <<'EOF'
+#!/bin/sh
+exec /usr/sbin/rcslpd "$@"
+EOF
+chmod 755 ${RPM_BUILD_ROOT}/usr/sbin/rcopenslp
 %else
 mkdir -p ${RPM_BUILD_ROOT}/etc/init.d/
 install -m 755 %{SOURCE1} ${RPM_BUILD_ROOT}/etc/init.d/slpd

++++++ openslp.doubleequal.diff ++++++
--- ./slpd/slpd_predicate.c.orig        2014-12-15 14:11:36.181812237 +0000
+++ ./slpd/slpd_predicate.c     2014-12-15 14:20:00.441759165 +0000
@@ -66,6 +66,7 @@
 #include "slp_xmalloc.h"
 
 #include "slpd_predicate.h"
+#include "slpd_property.h"
 
 /* Parse character definitions. */
 #define BRACKET_OPEN '('
@@ -1633,6 +1634,11 @@ SLPDPredicateParseResult createPredicate
                op = EQUAL;
       }
 
+      if (op == EQUAL && G_SlpdProperty.allowDoubleEqualInPredicate && 
operator[1] == '=')
+      {
+         val_start++;
+      }
+
       /***** Get operands. *****/
       /**** Left. ****/
       lhs_len = operator - cur;
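Review bot: `operator[1]` is read in the added condition with no visible check that a second byte exists; if `=` is the last byte of the predicate text and that text is not NUL-terminated, the read goes one byte past it. The bounds the parser keeps are outside the hunk, so this needs confirming against them; the condition could then become `op == EQUAL && G_SlpdProperty.allowDoubleEqualInPredicate && operator + 1 < END && operator[1] == '='`, where END is a placeholder for the function's end-of-predicate pointer. A one-line comment saying that `==` is accepted as an alternative spelling of `=` only when net.slp.allowDoubleEqualInPredicate is set would also help the next reader. The enclosing function starts and ends outside the hunk.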
--- ./slpd/slpd_property.c.orig 2014-12-15 14:09:49.294246247 +0000
+++ ./slpd/slpd_property.c      2014-12-15 14:11:21.587871548 +0000
@@ -250,6 +250,7 @@ void SLPDPropertyReinit(void)
    G_SlpdProperty.myHostnameLen = strlen(G_SlpdProperty.myHostname);
 
    G_SlpdProperty.hardMTU = SLPPropertyAsBoolean("net.slp.hardMTU");
+   G_SlpdProperty.allowDoubleEqualInPredicate = 
SLPPropertyAsBoolean("net.slp.allowDoubleEqualInPredicate");
 
    G_SlpdProperty.DASyncReg = SLPPropertyAsBoolean("net.slp.DASyncReg");
    G_SlpdProperty.isDABackup = SLPPropertyAsBoolean("net.slp.isDABackup");
--- ./slpd/slpd_property.h.orig 2014-12-15 14:09:43.647269171 +0000
+++ ./slpd/slpd_property.h      2014-12-15 14:10:24.932101603 +0000
@@ -118,6 +118,7 @@ typedef struct _SLPDProperty
    int useDHCP;
    int oversizedUDP;
    int hardMTU;
+   int allowDoubleEqualInPredicate;
 
    int DASyncReg;
    int isDABackup;
++++++ openslp.initda.diff ++++++
--- /var/tmp/diff_new_pack.LWW0j7/_old  2016-09-17 14:36:53.000000000 +0200
+++ /var/tmp/diff_new_pack.LWW0j7/_new  2016-09-17 14:36:53.000000000 +0200
@@ -1,5 +1,5 @@
---- ./common/slp_message.h.orig        2014-02-19 18:05:26.154934647 +0000
-+++ ./common/slp_message.h     2014-02-19 18:05:31.755934637 +0000
+--- ./common/slp_message.h.orig        2016-09-13 10:56:06.324486007 +0000
++++ ./common/slp_message.h     2016-09-13 10:56:14.214459554 +0000
 @@ -126,6 +126,7 @@
  #define SLP_REG_SOURCE_REMOTE    1  /* from a remote host    */
  #define SLP_REG_SOURCE_LOCAL     2  /* from localhost or IPC */
@@ -8,8 +8,8 @@
  
  #define SLP_REG_WATCH_TCP        (1<<0)
  #define SLP_REG_WATCH_UDP        (1<<1)
---- ./common/slp_property.c.orig       2014-02-19 18:05:26.154934647 +0000
-+++ ./common/slp_property.c    2014-02-19 18:05:31.755934637 +0000
+--- ./common/slp_property.c.orig       2016-09-13 10:56:06.324486007 +0000
++++ ./common/slp_property.c    2016-09-13 10:56:14.215459551 +0000
 @@ -176,6 +176,11 @@ static int SetDefaultValues(void)
     /* Additional properties that are specific to IPv6 */
        {"net.slp.useIPv6", "false", 0},
@@ -23,7 +23,7 @@
  
     int i;
 --- ./etc/slp.conf.orig        2012-11-28 17:07:04.000000000 +0000
-+++ ./etc/slp.conf     2014-02-19 18:05:31.756934637 +0000
++++ ./etc/slp.conf     2016-09-13 10:56:14.215459551 +0000
 @@ -23,6 +23,20 @@
  # which DAs to use.  (Default is to use dynamic DA discovery)
  ;net.slp.DAAddresses = myDa1,myDa2,myDa3
@@ -46,7 +46,7 @@
  #----------------------------------------------------------------------------
  # DA Specific Configuration
 --- ./slpd/Makefile.am.orig    2012-11-28 17:07:04.000000000 +0000
-+++ ./slpd/Makefile.am 2014-02-19 18:05:31.756934637 +0000
++++ ./slpd/Makefile.am 2016-09-13 10:56:14.216459548 +0000
 @@ -73,7 +73,8 @@ slpd_SOURCES = \
        slpd_property.c \
        slpd_regfile.c \
@@ -67,8 +67,8 @@
      
  #if you're building on Irix, replace .la with .a below
  slpd_LDADD = ../common/libcommonslpd.la ../libslpattr/libslpattr.la
---- ./slpd/slpd_database.c.orig        2014-02-19 18:05:26.161934647 +0000
-+++ ./slpd/slpd_database.c     2014-02-19 18:05:55.042934596 +0000
+--- ./slpd/slpd_database.c.orig        2016-09-13 10:56:06.332485980 +0000
++++ ./slpd/slpd_database.c     2016-09-13 10:56:14.217459544 +0000
 @@ -50,6 +50,7 @@
  #define _GNU_SOURCE
  #include <string.h>
@@ -245,8 +245,8 @@
  #ifdef DEBUG
  /** Cleans up all resources used by the database.
   */
---- ./slpd/slpd_database.h.orig        2014-02-19 18:05:26.155934647 +0000
-+++ ./slpd/slpd_database.h     2014-02-19 18:05:31.758934637 +0000
+--- ./slpd/slpd_database.h.orig        2016-09-13 10:56:06.326486000 +0000
++++ ./slpd/slpd_database.h     2016-09-13 10:56:14.217459544 +0000
 @@ -105,7 +105,8 @@ int SLPDDatabaseIsEmpty(void);
  int SLPDDatabaseInit(const char * regfile);
  int SLPDDatabaseReInit();
@@ -257,8 +257,8 @@
  
  #ifdef DEBUG
  void SLPDDatabaseDeinit(void);
---- ./slpd/slpd_initda.c.orig  2014-02-19 18:05:31.759934637 +0000
-+++ ./slpd/slpd_initda.c       2014-02-19 18:05:31.759934637 +0000
+--- ./slpd/slpd_initda.c.orig  2016-09-13 10:56:14.218459541 +0000
++++ ./slpd/slpd_initda.c       2016-09-13 10:56:14.218459541 +0000
 @@ -0,0 +1,396 @@
 +#include <stdio.h>
 +#include <string.h>
@@ -656,8 +656,8 @@
 +    return gresult;
 +}
 +
---- ./slpd/slpd_initda.h.orig  2014-02-19 18:05:31.759934637 +0000
-+++ ./slpd/slpd_initda.h       2014-02-19 18:05:31.759934637 +0000
+--- ./slpd/slpd_initda.h.orig  2016-09-13 10:56:14.218459541 +0000
++++ ./slpd/slpd_initda.h       2016-09-13 10:56:14.218459541 +0000
 @@ -0,0 +1,16 @@
 +#ifndef SLPD_INITDA_H_INCLUDED
 +#define SLPD_INITDA_H_INCLUDED
@@ -675,8 +675,8 @@
 +#endif        /* SLPD_INITDA_H_INCLUDED */
 +
 +/*=========================================================================*/
---- ./slpd/slpd_log.c.orig     2014-02-19 18:05:26.156934647 +0000
-+++ ./slpd/slpd_log.c  2014-02-19 18:05:31.760934637 +0000
+--- ./slpd/slpd_log.c.orig     2016-09-13 10:56:06.326486000 +0000
++++ ./slpd/slpd_log.c  2016-09-13 10:56:14.219459537 +0000
 @@ -509,6 +509,12 @@ void SLPDLogRegistration(const char * pr
           case SLP_REG_SOURCE_STATIC:
              SLPDLog("static (slp.reg)\n");
@@ -690,8 +690,8 @@
        }
        SLPDLogBuffer("    service-url = ",
              entry->msg->body.srvreg.urlentry.urllen,
---- ./slpd/slpd_main.c.orig    2014-02-19 18:05:26.156934647 +0000
-+++ ./slpd/slpd_main.c 2014-02-19 18:05:31.760934637 +0000
+--- ./slpd/slpd_main.c.orig    2016-09-13 10:56:06.326486000 +0000
++++ ./slpd/slpd_main.c 2016-09-13 10:57:32.988195569 +0000
 @@ -57,6 +57,7 @@
  #include "slp_xmalloc.h"
  #include "slp_xid.h"
@@ -771,10 +771,15 @@
     /* init watcher */
     SLPDDatabaseWatcher();
  
-@@ -677,6 +712,38 @@ int main(int argc, char * argv[])
+@@ -677,6 +712,43 @@ int main(int argc, char * argv[])
     if (SetUpSignalHandlers())
        SLPDFatal("Error setting up signal handlers.\n");
  
++   if (G_SlpdProperty.isDA && G_SlpdProperty.isDABackup && DABackupfp)
++   {
++      SLPDDatabaseReadDABackup(DABackupfp);
++   }
++
 +   if((G_SlpdProperty.isDA) && (G_SlpdProperty.DASyncReg))
 +   {
 +      /* HACK: at that point in time all outgoing sockets are DA connections
@@ -810,7 +815,7 @@
     /* Set up alarm to age database -- a shorter start, so SAs register with 
us quickly on our startup */
     alarm(2);
  
-@@ -748,6 +815,22 @@ HANDLE_SIGNAL:
+@@ -748,6 +820,22 @@ HANDLE_SIGNAL:
        }
  #endif
  
@@ -833,9 +838,9 @@
     } /* End of main loop */
  
     /* Got SIGTERM */
---- ./slpd/slpd_property.c.orig        2014-02-19 18:05:26.160934647 +0000
-+++ ./slpd/slpd_property.c     2014-02-19 18:05:31.760934637 +0000
-@@ -247,6 +247,11 @@ void SLPDPropertyReinit(void)
+--- ./slpd/slpd_property.c.orig        2016-09-13 10:56:06.330485986 +0000
++++ ./slpd/slpd_property.c     2016-09-13 10:56:14.220459534 +0000
+@@ -248,6 +248,11 @@ void SLPDPropertyReinit(void)
     /* set up hostname */
     G_SlpdProperty.myHostname = SLPDGetCanonHostname();
     G_SlpdProperty.myHostnameLen = strlen(G_SlpdProperty.myHostname);
@@ -847,8 +852,8 @@
  }
  
  /** Initialize the slpd property management subsystem.
---- ./slpd/slpd_property.h.orig        2014-02-19 18:05:26.160934647 +0000
-+++ ./slpd/slpd_property.h     2014-02-19 18:05:31.760934637 +0000
+--- ./slpd/slpd_property.h.orig        2016-09-13 10:56:06.330485986 +0000
++++ ./slpd/slpd_property.h     2016-09-13 10:56:14.220459534 +0000
 @@ -117,6 +117,11 @@ typedef struct _SLPDProperty
     int MTU;
     int useDHCP;
@@ -861,8 +866,8 @@
  } SLPDProperty;
  
  extern SLPDProperty G_SlpdProperty;
---- ./slpd/slpd_regfile.c.orig 2014-02-19 18:05:26.156934647 +0000
-+++ ./slpd/slpd_regfile.c      2014-02-19 18:05:31.760934637 +0000
+--- ./slpd/slpd_regfile.c.orig 2016-09-13 10:56:06.327485996 +0000
++++ ./slpd/slpd_regfile.c      2016-09-13 10:56:14.221459531 +0000
 @@ -108,15 +108,190 @@ static char * RegFileReadLine(FILE * fd,
     return line;
  }
@@ -1332,7 +1337,7 @@
  }
  
 --- ./slpd/slpd_regfile.h.orig 2012-11-28 17:07:04.000000000 +0000
-+++ ./slpd/slpd_regfile.h      2014-02-19 18:05:31.760934637 +0000
++++ ./slpd/slpd_regfile.h      2016-09-13 10:56:14.221459531 +0000
 @@ -53,7 +53,12 @@
  #include "slp_message.h"
  #include "slpd.h"

++++++ openslp.noconvenience.diff ++++++
--- ./common/slp_auth.c.orig    2016-09-12 14:33:58.923718969 +0000
+++ ./common/slp_auth.c 2016-09-12 14:35:19.660448155 +0000
@@ -237,6 +237,7 @@ static int SLPAuthSignDigest(int spistrl
    curpos += spistrlen;
 
    /* sign the digest and put it in the authblock */
+   memset(curpos, 0, signaturelen);
    if (SLPCryptoDSASign(key, digest, SLPAUTH_SHA1_DIGEST_SIZE, 
          curpos, &signaturelen))
    {
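Review bot: The added `memset(curpos, 0, signaturelen);` carries no comment explaining why the signature area is cleared before signing. SLPCryptoDSASign is passed `&signaturelen` on the next line and can presumably report a length shorter than the space reserved, so the zeroing looks intended to make the unused tail of the auth block deterministic. A comment such as `/* clear the whole reserved area: the signature may come out shorter than signaturelen */` would record that intent. SLPAuthSignDigest starts and ends outside the hunk.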
--- ./common/slp_crypto.c.orig  2016-09-12 14:30:13.053476772 +0000
+++ ./common/slp_crypto.c       2016-09-12 14:31:32.443210397 +0000
@@ -153,6 +153,20 @@ int SLPCryptoDSASign(SLPCryptoDSAKey * k
 int SLPCryptoDSAVerify(SLPCryptoDSAKey * key, const unsigned char * digest,
       int digestlen, const unsigned char * signature, int signaturelen)
 {
+   /* newer openssl versions need the exact size. trim down. */
+   if (signaturelen > 2 && *signature == 0x30)
+   {
+     int l = 0;
+     if (signature[1] < 128)
+        l = 2 + signature[1];
+     else if (signature[1] == 129)
+        l = 3 + signature[2];
+     else if (signature[1] == 130)
+        l = 4 + (signature[2] << 8 | signature[3]);
+     if (l && l < signaturelen)
+        signaturelen = l;
+   }
+
    /* it does not look like the type param is used? */
    /* broken DSA_verify() declaration */
    return DSA_verify(0, digest, digestlen, (unsigned char *)signature,
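Review bot: The `signature[1] == 130` branch reads `signature[3]`, but the guard above it only establishes `signaturelen > 2`, so an input of exactly three bytes is read one byte past its end. The signature is presumably taken from a received message, so the branch should require the fourth byte before touching it: `else if (signature[1] == 130 && signaturelen > 3)`. Writing the length-form octets as `0x81` and `0x82`, and naming `0x30` as the DER SEQUENCE tag in the comment, would also make the trimming easier to check against the encoding rules. The function body continues past the end of the hunk.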
--- ./common/slp_v2message.c.orig       2016-09-12 10:51:36.284400063 +0000
+++ ./common/slp_v2message.c    2016-09-12 10:55:19.553648752 +0000
@@ -150,13 +150,6 @@ static int v2ParseUrlEntry(SLPBuffer buf
    }
    urlentry->opaquelen = buffer->curpos - urlentry->opaque;
 
-   /* Terminate the URL string for caller convenience - we're overwriting 
-    * the first byte of the "# of URL auths" field, but it's okay because
-    * we've already read and stored it away.
-    */
-   if(urlentry->url)
-      ((uint8_t *)urlentry->url)[urlentry->urllen] = 0;
-
    return 0;
 }
 
@@ -543,12 +536,6 @@ static int v2ParseAttrRply(SLPBuffer buf
       }
    }
 
-   /* Terminate the attr list for caller convenience - overwrites the
-    * first byte of the "# of AttrAuths" field, but we've processed it. 
-    */
-   if(attrrply->attrlist)
-      ((uint8_t *)attrrply->attrlist)[attrrply->attrlistlen] = 0;
-
    return 0;
 }
 
@@ -643,13 +630,6 @@ static int v2ParseDAAdvert(SLPBuffer buf
       }
    }
 
-   /* Terminate the URL string for caller convenience - we're overwriting 
-    * the first byte of the "Length of <scope-list>" field, but it's okay 
-    * because we've already read and stored it away.
-    */
-   if(daadvert->url)
-      ((uint8_t *)daadvert->url)[daadvert->urllen] = 0;
-
    return 0;
 }
 
@@ -749,14 +729,6 @@ static int v2ParseSrvTypeRply(SLPBuffer
    if (buffer->curpos > buffer->end)
       return SLP_ERROR_PARSE_ERROR;
 
-   /* Terminate the service type list string for caller convenience - while 
-    * it appears that we're writing one byte past the end of the buffer here, 
-    * it's not so - message buffers are always allocated one byte larger than 
-    * requested for just this reason.
-    */
-   if(srvtyperply->srvtypelist)
-      ((uint8_t *)srvtyperply->srvtypelist)[srvtyperply->srvtypelistlen] = 0;
-
    return 0;
 }
 
@@ -825,13 +797,6 @@ static int v2ParseSAAdvert(SLPBuffer buf
       }
    }
 
-   /* Terminate the URL string for caller convenience - we're overwriting 
-    * the first byte of the "Length of <scope-list>" field, but it's okay 
-    * because we've already read and stored it away.
-    */
-   if(saadvert->url)
-      ((uint8_t *)saadvert->url)[saadvert->urllen] = 0;
-
    return 0;
 }
 
--- ./libslp/libslp_findattrs.c.orig    2016-09-12 10:57:02.363303412 +0000
+++ ./libslp/libslp_findattrs.c 2016-09-12 10:58:41.416970996 +0000
@@ -98,6 +98,9 @@ static SLPBoolean ProcessAttrRplyCallbac
                return SLP_TRUE;  /* Authentication failure. */
             }
 #endif
+            /* TRICKY: null terminate the attrlist by setting the authcount to 
0 */
+            ((char*)(attrrply->attrlist))[attrrply->attrlistlen] = 0;
+
             /* Call the user's callback function. */
             result = handle->params.findattrs.callback(handle,
                   attrrply->attrlist, (SLPError)(-attrrply->errorcode), 
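Review bot: The terminator write added here is unconditional, whereas the parser code this patch removes guarded every such write with a NULL check (`if(attrrply->attrlist)`, `if(urlentry->url)`, `if(daadvert->url)`, `if(saadvert->url)`). Whether the pointer can be NULL at this point is decided outside the hunk, so either keep the guard, `if (attrrply->attrlist) ((char*)(attrrply->attrlist))[attrrply->attrlistlen] = 0;`, or name in the comment the earlier check that makes it safe. The same applies to the writes added in libslp_findsrvs.c (three hunks) and libslp_knownda.c (two hunks). ProcessAttrRplyCallback starts and ends outside the hunk.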
--- ./libslp/libslp_findsrvs.c.orig     2016-09-12 10:57:07.995284521 +0000
+++ ./libslp/libslp_findsrvs.c  2016-09-12 11:26:08.220430148 +0000
@@ -227,6 +227,9 @@ static SLPBoolean ProcessSrvRplyCallback
                      && SLPAuthVerifyUrl(handle->hspi, 1, &urlentry[i]))
                   continue; /* Authentication failed, skip this URLEntry. */
 #endif
+               /* TRICKY: null terminate the url by setting the authcount to 0 
*/
+               ((char*)(urlentry[i].url))[urlentry[i].urllen] = 0;
+
                result = CollateToSLPSrvURLCallback(handle, urlentry[i].url, 
                      (unsigned short)urlentry[i].lifetime, SLP_OK, peeraddr);
                if (result == SLP_FALSE)
@@ -245,6 +248,9 @@ static SLPBoolean ProcessSrvRplyCallback
                return SLP_TRUE;
             }
 #endif
+            /* TRICKY: null terminate the url by setting the scope list length 
to 0 */
+            ((char 
*)replymsg->body.daadvert.url)[replymsg->body.daadvert.urllen] = 0;
+
             result = CollateToSLPSrvURLCallback(handle, 
                   replymsg->body.daadvert.url, SLP_LIFETIME_MAXIMUM, 
                   SLP_OK, peeraddr);
@@ -260,6 +266,9 @@ static SLPBoolean ProcessSrvRplyCallback
                return SLP_TRUE;
             }
 #endif
+            /* TRICKY: null terminate the url by setting the scope list length 
to 0 */
+            ((char 
*)replymsg->body.saadvert.url)[replymsg->body.saadvert.urllen] = 0;
+
             result = CollateToSLPSrvURLCallback(handle, 
                   replymsg->body.saadvert.url, SLP_LIFETIME_MAXIMUM, 
                   SLP_OK, peeraddr);
--- ./libslp/libslp_findsrvtypes.c.orig 2016-09-12 10:57:15.275260063 +0000
+++ ./libslp/libslp_findsrvtypes.c      2016-09-12 11:03:41.863964662 +0000
@@ -175,8 +175,13 @@ static SLPBoolean ProcessSrvTypeRplyCall
       {
          SLPSrvTypeRply * srvtyperply = &replymsg->body.srvtyperply;
          if (srvtyperply->srvtypelistlen)
+         {
+            /* TRICKY: null terminate the srvtypelist by setting the last byte 
0 */
+            ((char*)(srvtyperply->srvtypelist))[srvtyperply->srvtypelistlen] = 
0;
+
             result = CollateToSLPSrvTypeCallback((SLPHandle)handle, 
                   srvtyperply->srvtypelist, srvtyperply->errorcode * -1);
+         }
       }
       SLPMessageFree(replymsg);
    }
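Review bot: The new comment says only that the last byte is set to 0, but index `srvtypelistlen` is the byte after the list. The comment this patch removes from v2ParseSrvTypeRply explained that the write is in bounds only because message buffers are allocated one byte larger than requested. That invariant should be restated at the new write site, for example `/* TRICKY: writes one byte past the parsed message; relies on message buffers being allocated one byte larger than requested */`, so that a later change to buffer allocation does not turn this into an out-of-bounds write. The enclosing function starts outside the hunk.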
--- ./libslp/libslp_knownda.c.orig      2016-09-12 10:57:21.083240529 +0000
+++ ./libslp/libslp_knownda.c   2016-09-12 11:07:26.178207707 +0000
@@ -335,6 +335,8 @@ static SLPBoolean KnownDADiscoveryCallba
       {
          SLPParsedSrvUrl * srvurl;
 
+         /* TRICKY: NULL terminate the DA url */
+         
((char*)(replymsg->body.daadvert.url))[replymsg->body.daadvert.urllen] = 0;
          if (SLPParseSrvUrl(replymsg->body.daadvert.urllen,
                             replymsg->body.daadvert.url, &srvurl) == 0)
          {
@@ -993,14 +995,22 @@ void KnownDAProcessSrvRqst(SLPHandleInfo
       {
          SLPBoolean cb_result;
          SLPDatabaseEntry * entry = SLPDatabaseEnum(dh);
+         char tmp;
          if (!entry)
             break;
 
+         /* TRICKY temporary null termination of DA url */
+         tmp = entry->msg->body.daadvert.url[entry->msg->body.daadvert.urllen];
+         
((char*)(entry->msg->body.daadvert.url))[entry->msg->body.daadvert.urllen] = 0;
+
          /* Call the SrvURLCallback. */
          cb_result = handle->params.findsrvs.callback(handle,
                entry->msg->body.daadvert.url, SLP_LIFETIME_MAXIMUM,
                SLP_OK, handle->params.findsrvs.cookie);
 
+         /* TRICKY: undo temporary null termination of DA url */
+         
((char*)(entry->msg->body.daadvert.url))[entry->msg->body.daadvert.urllen] = 
tmp;
+
          /* Does the caller want more? */
          if (cb_result == SLP_FALSE)
             break;
--- ./slpd/slpd_regfile.c.orig  2016-09-12 11:12:02.353273706 +0000
+++ ./slpd/slpd_regfile.c       2016-09-12 14:29:17.611662818 +0000
@@ -657,7 +657,7 @@ int SLPDRegFileWriteSrvReg(FILE * fd, SL
 
    if (fd)
    {
-      fprintf(fd, "%s,%s,%d\n", msg->body.srvreg.urlentry.url, 
msg->header.langtag, msg->body.srvreg.urlentry.lifetime);
+      fprintf(fd, "%.*s,%s,%d\n", (int)(msg->body.srvreg.urlentry.urllen), 
msg->body.srvreg.urlentry.url, msg->header.langtag, 
msg->body.srvreg.urlentry.lifetime);
       if (msg->body.srvreg.source == SLP_REG_SOURCE_PULL_PEER_DA)
          fprintf(fd, "slp-source=pulled-from-da-%s\n", 
SLPNetSockAddrStorageToString(&msg->peer, addr_str, sizeof(addr_str)));
       else if (msg->body.srvreg.source == SLP_REG_SOURCE_LOCAL)
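Review bot: `msg->header.langtag` is still printed with a plain `%s` in the changed `fprintf`, while the URL beside it now gets an explicit length because the parser no longer terminates it. If langtag is also a length-delimited pointer into the message buffer (its definition is not visible here), it needs the same treatment: `"%.*s,%.*s,%d\n"` with `(int)LANGTAG_LEN` before it, where LANGTAG_LEN is a placeholder for the header's language-tag length field. SLPDRegFileWriteSrvReg starts and ends outside the hunk.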
++++++ openslp.predicatestorage.diff ++++++
--- ./slpd/slpd_predicate.c.orig        2014-12-15 13:07:38.636640141 +0000
+++ ./slpd/slpd_predicate.c     2014-12-15 13:10:09.507004676 +0000
@@ -1643,7 +1643,7 @@ SLPDPredicateParseResult createPredicate
       rhs = val_start;
 
       /***** Create leaf node. *****/
-      *ppNode = (SLPDPredicateTreeNode *)xmalloc(sizeof 
(SLPDPredicateTreeNode) + lhs_len + rhs_len);
+      *ppNode = (SLPDPredicateTreeNode *)xmalloc(sizeof 
(SLPDPredicateTreeNode) + lhs_len + 1 + rhs_len + 1);
       if (!(*ppNode))
          return PREDICATE_PARSE_INTERNAL_ERROR;
 
@@ -1653,7 +1653,7 @@ SLPDPredicateParseResult createPredicate
       /* Finished with "operator" now - just use as temporary pointer to 
assist with copying the
        * attribute name (lhs) and required value (rhs) into the node
        */
-      operator = (*ppNode)->nodeBody.comparison.storage;
+      operator = (char *)((*ppNode) + 1);
       strncpy(operator, lhs, lhs_len);
       operator[lhs_len] = '\0';
       (*ppNode)->nodeBody.comparison.tag_len = lhs_len;
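Review bot: The trailing-storage layout is now implicit, because `operator = (char *)((*ppNode) + 1);` depends on the allocation in the previous hunk having reserved `lhs_len + 1 + rhs_len + 1` bytes directly after the node. Nothing in the struct documents this once `storage[2]` is dropped from slpd_predicate.h. A comment on the assignment, such as `/* tag and value strings live in the bytes allocated directly after the node */`, and a matching remark on the `comparison` struct, would keep the allocation size and the copies from drifting apart. The same applies to the second copy of this code in the hunks at lines 1853 and 1863. The enclosing function starts and ends outside the hunk.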
@@ -1853,7 +1853,7 @@ SLPDPredicateParseResult createPredicate
       rhs = val_start;
 
       /***** Create leaf node. *****/
-      *ppNode = (SLPDPredicateTreeNode *)xmalloc(sizeof 
(SLPDPredicateTreeNode) + lhs_len + rhs_len);
+      *ppNode = (SLPDPredicateTreeNode *)xmalloc(sizeof 
(SLPDPredicateTreeNode) + lhs_len + 1 + rhs_len + 1);
       if (!(*ppNode))
          return PREDICATE_PARSE_INTERNAL_ERROR;
 
@@ -1863,7 +1863,7 @@ SLPDPredicateParseResult createPredicate
       /* Finished with "operator" now - just use as temporary pointer to 
assist with copying the
        * attribute name (lhs) and required value (rhs) into the node
        */
-      operator = (*ppNode)->nodeBody.comparison.storage;
+      operator = (char *)((*ppNode) + 1);
       strncpy(operator, lhs, lhs_len);
       operator[lhs_len] = '\0';
       (*ppNode)->nodeBody.comparison.tag_len = lhs_len;
--- ./slpd/slpd_predicate.h.orig        2014-12-15 13:07:43.084621416 +0000
+++ ./slpd/slpd_predicate.h     2014-12-15 13:08:00.738547083 +0000
@@ -98,7 +98,6 @@ typedef struct __SLPDPredicateTreeNode
          char *tag_str;
          size_t value_len;
          char *value_str;
-         char storage[2];
       } comparison;
    } nodeBody;
 } SLPDPredicateTreeNode;
++++++ openslp.xrealloc.diff ++++++
--- ./common/slp_xmalloc.c.orig 2016-09-13 11:46:35.749065088 +0000
+++ ./common/slp_xmalloc.c      2016-09-13 11:48:03.785749186 +0000
@@ -203,6 +203,8 @@ void * _xrealloc(const char * file, int
       if (x->size != size)
       {
          newptr = _xmalloc(file, line, size);
+         if (!newptr)
+            return 0;
          memcpy(newptr, ptr, x->size);
          _xfree(file, line, x);
       }
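Review bot: The `memcpy(newptr, ptr, x->size)` that follows the new NULL check copies the old allocation size into a block obtained with `_xmalloc(file, line, size)`. The branch is entered whenever `x->size != size`, so a shrinking reallocation writes past the end of the new block. The copy length should be the smaller of the two sizes: `memcpy(newptr, ptr, x->size < size ? x->size : size);`. `_xrealloc` starts and ends outside the hunk, so how `x` is looked up and what the caller does with a NULL return are not visible here.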

