[vlc-commits] modules: Use UpnpResolveURL2 API instead of UpnpResolveURL

Thu, 23 May 2019 08:40:56 -0700 

vlc/vlc-3.0 | branch: master | Will Newton <[email protected]> | Tue Feb 12 
16:33:17 2019 +0000| [f141823654dbd20b6cc68eaa2bed4281f9914983] | committer: 
Hugo Beauzée-Luyssen

modules: Use UpnpResolveURL2 API instead of UpnpResolveURL

The UpnpResolveURL APi is very hard to use correctly and can
result in buffer overflow issues. Use the UpnpResolveURL2 API
instead and fix two small buffer overflows.

https://hackerone.com/reports/494841

Signed-off-by: Will Newton <[email protected]>
Signed-off-by: Hugo Beauzée-Luyssen <[email protected]>
(cherry picked from commit 18a463930511f908733e95906abbeb43430ee09d)
Signed-off-by: Hugo Beauzée-Luyssen <[email protected]>

> http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=f141823654dbd20b6cc68eaa2bed4281f9914983
---

 modules/services_discovery/upnp.cpp | 27 +++++++++++----------------
 1 file changed, 11 insertions(+), 16 deletions(-)

diff --git a/modules/services_discovery/upnp.cpp 
b/modules/services_discovery/upnp.cpp
index af036bda36..f1037c82c8 100644
--- a/modules/services_discovery/upnp.cpp
+++ b/modules/services_discovery/upnp.cpp
@@ -507,25 +507,20 @@ void MediaServerList::parseNewServer( IXML_Document *doc, 
const std::string &loc
             }
 
             /* Try to browse content directory. */
-            char* psz_url = ( char* ) malloc( strlen( psz_base_url ) + strlen( 
psz_control_url ) + 1 );
-            if ( psz_url )
+            char* psz_url = NULL;
+            if ( UpnpResolveURL2( psz_base_url, psz_control_url, &psz_url ) == 
UPNP_E_SUCCESS )
             {
-                if ( UpnpResolveURL( psz_base_url, psz_control_url, psz_url ) 
== UPNP_E_SUCCESS )
-                {
-                    SD::MediaServerDesc* p_server = new(std::nothrow) 
SD::MediaServerDesc( psz_udn,
-                            psz_friendly_name, psz_url, iconUrl );
-                    free( psz_url );
-                    if ( unlikely( !p_server ) )
-                        break;
+                SD::MediaServerDesc* p_server = new(std::nothrow) 
SD::MediaServerDesc( psz_udn,
+                    psz_friendly_name, psz_url, iconUrl );
+                free( psz_url );
+                if ( unlikely( !p_server ) )
+                    break;
 
-                    if ( !addServer( p_server ) )
-                    {
-                        delete p_server;
-                        continue;
-                    }
+                if ( !addServer( p_server ) )
+                {
+                    delete p_server;
+                    continue;
                 }
-                else
-                    free( psz_url );
             }
         }
         ixmlNodeList_free( p_service_list );

_______________________________________________
vlc-commits mailing list
[email protected]
https://mailman.videolan.org/listinfo/vlc-commits

Reply via email to