updated request for https://github.com/mrjimenez/pupnp/pull/6 #7
Merged
…reeing a Node. This to aid in resource management for a scripting language with auto-garbage collection.
…g type for consistency.
…ntation will be generated
Added documentation/usage of SCRIPTSUPPORT to the README file.
changed some project settings to make debugging available (PDB file didn't match)
…on, this aligns with UpnpAcceptSubscription
mrjimenez added a commit that referenced this pull request Nov 13, 2012
updated request for https://github.com/mrjimenez/pupnp/pull/6
mrjimenez added a commit that referenced this pull request Jan 29, 2013

This patch addresses three possible buffer overflows in function unique_service_name().

The three issues have the following CVE numbers:

CVE-2012-5958 Issue #2: Stack buffer overflow of Tempbuf
CVE-2012-5959 Issue #4: Stack buffer overflow of Event->UDN
CVE-2012-5960 Issue #8: Stack buffer overflow of Event->UDN

Notice that the following issues have already been dealt with by previous work:

CVE-2012-5961 Issue #1: Stack buffer overflow of Evt->UDN
CVE-2012-5962 Issue #3: Stack buffer overflow of Evt->DeviceType
CVE-2012-5963 Issue #5: Stack buffer overflow of Event->UDN
CVE-2012-5964 Issue #6: Stack buffer overflow of Event->DeviceType
CVE-2012-5965 Issue #7: Stack buffer overflow of Event->DeviceType
mrjimenez added a commit that referenced this pull request Jan 29, 2013

This patch addresses three possible buffer overflows in function unique_service_name().

The three issues have the following CVE numbers:

CVE-2012-5958 Issue #2: Stack buffer overflow of Tempbuf
CVE-2012-5959 Issue #4: Stack buffer overflow of Event->UDN
CVE-2012-5960 Issue #8: Stack buffer overflow of Event->UDN

Notice that the following issues have already been dealt with by previous work:

CVE-2012-5961 Issue #1: Stack buffer overflow of Evt->UDN
CVE-2012-5962 Issue #3: Stack buffer overflow of Evt->DeviceType
CVE-2012-5963 Issue #5: Stack buffer overflow of Event->UDN
CVE-2012-5964 Issue #6: Stack buffer overflow of Event->DeviceType
CVE-2012-5965 Issue #7: Stack buffer overflow of Event->DeviceType

(cherry picked from commit f015a13)
mrjimenez added a commit that referenced this pull request Nov 21, 2024

==1008254==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x507000000145 at pc 0x56086b6fe129 bp 0x7ffd0c0527d0 sp 0x7ffd0c0527c8
READ of size 1 at 0x507000000145 thread T0
    #0 0x56086b6fe128 in Parser_getChar /home/mroberto/programs/pupnp/maint/github-creator/ixml/src/ixmlparser.c:999:35
    #1 0x56086b6fcdb6 in Parser_copyToken /home/mroberto/programs/pupnp/maint/github-creator/ixml/src/ixmlparser.c:1163:7
    #2 0x56086b6f7537 in Parser_processContent /home/mroberto/programs/pupnp/maint/github-creator/ixml/src/ixmlparser.c:1537:7
    #3 0x56086b6f2818 in Parser_getNextNode /home/mroberto/programs/pupnp/maint/github-creator/ixml/src/ixmlparser.c:2067:9
    #4 0x56086b6efa7f in Parser_parseDocument /home/mroberto/programs/pupnp/maint/github-creator/ixml/src/ixmlparser.c:2589:7
    #5 0x56086b6eea2e in Parser_LoadDocument /home/mroberto/programs/pupnp/maint/github-creator/ixml/src/ixmlparser.c:2831:7
    #6 0x56086b6e9be0 in ixmlLoadDocumentEx /home/mroberto/programs/pupnp/maint/github-creator/ixml/src/ixml.c:333:9
    #7 0x56086b6de05a in CheckXML /home/mroberto/programs/pupnp/maint/github-creator/fuzzer/FuzzIxml.c:18:7
    #8 0x56086b6de48e in LLVMFuzzerTestOneInput /home/mroberto/programs/pupnp/maint/github-creator/fuzzer/FuzzIxml.c:54:8
    #9 0x56086b5e0052 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /home/abuild/rpmbuild/BUILD/llvm-19.1.3.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
    #10 0x56086b5c7c45 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /home/abuild/rpmbuild/BUILD/llvm-19.1.3.src/projects/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:328:6
    #11 0x56086b5cdee8 in fuzzer::FuzzerDriver(int*, char***, int(*)(unsigned char const*, unsigned long)) /home/abuild/rpmbuild/BUILD/llvm-19.1.3.src/projects/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:863:9
    #12 0x56086b5fa4b3 in main /home/abuild/rpmbuild/BUILD/llvm-19.1.3.src/projects/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #13 0x7f930a62a2ad in __libc_start_call_main /usr/src/debug/glibc-2.40/csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #14 0x7f930a62a378 in __libc_start_main@GLIBC_2.2.5 /usr/src/debug/glibc-2.40/csu/../csu/libc-start.c:360:3
    #15 0x56086b5c21a4 in _start /home/abuild/rpmbuild/BUILD/glibc-2.40/csu/../sysdeps/x86_64/start.S:115

0x507000000145 is located 0 bytes after 69-byte region [0x507000000100,0x507000000145)
allocated by thread T0 here:
    #0 0x56086b69c637 in malloc /home/abuild/rpmbuild/BUILD/llvm-19.1.3.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3
    #1 0x56086b6eed0f in Parser_readFileOrBuffer /home/mroberto/programs/pupnp/maint/github-creator/ixml/src/ixmlparser.c:2778:13
    #2 0x56086b6ee8d7 in Parser_LoadDocument /home/mroberto/programs/pupnp/maint/github-creator/ixml/src/ixmlparser.c:2824:7
    #3 0x56086b6e9be0 in ixmlLoadDocumentEx /home/mroberto/programs/pupnp/maint/github-creator/ixml/src/ixml.c:333:9
    #4 0x56086b6de05a in CheckXML /home/mroberto/programs/pupnp/maint/github-creator/fuzzer/FuzzIxml.c:18:7
    #5 0x56086b6de48e in LLVMFuzzerTestOneInput /home/mroberto/programs/pupnp/maint/github-creator/fuzzer/FuzzIxml.c:54:8
    #6 0x56086b5e0052 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /home/abuild/rpmbuild/BUILD/llvm-19.1.3.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
    #7 0x56086b5c7c45 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /home/abuild/rpmbuild/BUILD/llvm-19.1.3.src/projects/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:328:6
    #8 0x56086b5cdee8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /home/abuild/rpmbuild/BUILD/llvm-19.1.3.src/projects/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:863:9
    #9 0x56086b5fa4b3 in main /home/abuild/rpmbuild/BUILD/llvm-19.1.3.src/projects/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #10 0x7f930a62a2ad in __libc_start_call_main /usr/src/debug/glibc-2.40/csu/../sysdeps/nptl/libc_start_call_main.h:58:16
including readme update etc.
See https://github.com/mrjimenez/pupnp/pull/6