http://sourceforge.net/p/pupnp/code/ci/0398b1fc75935f3b2053dbc305d1c5afcac4d749/
Directly use strdup()
commit 0edaf3361db01425cae0daee7dc3f6039f381a17 replaced several
malloc()+strcpy() sequences with memset()+strncpy() using strlen().
This doesn't improve security and introduced a bug URI handling.
While reviewing this commit change the code to directly use strdup()
instead of re-implementing it multiple times, as shortens the code and
thus improves readability.
Signed-off-by: Marcelo Roberto Jimenez <mroberto@users.sourceforge.net>
(cherry picked from commit 04fb68432330c3a622161dda98dbe1b30eaa0927)
--- a/upnp/src/gena/gena_device.c
+++ b/upnp/src/gena/gena_device.c
@@ -480,24 +480,19 @@
}
*reference_count = 0;
- UDN_copy = (char *)malloc(strlen(UDN) + 1);
+ UDN_copy = strdup(UDN);
if (UDN_copy == NULL) {
line = __LINE__;
ret = UPNP_E_OUTOF_MEMORY;
goto ExitFunction;
}
- servId_copy = (char *)malloc(strlen(servId) + 1);
+ servId_copy = strdup(servId);
if (servId_copy == NULL) {
line = __LINE__;
ret = UPNP_E_OUTOF_MEMORY;
goto ExitFunction;
}
-
- memset(UDN_copy, 0, strlen(UDN) + 1);
- strncpy(UDN_copy, UDN, strlen(UDN));
- memset(servId_copy, 0, strlen(servId) + 1);
- strncpy(servId_copy, servId, strlen(servId));
HandleLock();
@@ -639,24 +634,19 @@
}
*reference_count = 0;
- UDN_copy = (char *)malloc(strlen(UDN) + 1);
+ UDN_copy = strdup(UDN);
if (UDN_copy == NULL) {
line = __LINE__;
ret = UPNP_E_OUTOF_MEMORY;
goto ExitFunction;
}
- servId_copy = (char *)malloc(strlen(servId) + 1);
+ servId_copy = strdup(servId);
if( servId_copy == NULL ) {
line = __LINE__;
ret = UPNP_E_OUTOF_MEMORY;
goto ExitFunction;
}
-
- memset(UDN_copy, 0, strlen(UDN) + 1);
- strncpy(UDN_copy, UDN, strlen(UDN));
- memset(servId_copy, 0, strlen(servId) + 1);
- strncpy(servId_copy, servId, strlen(servId));
HandleLock();
@@ -798,24 +788,19 @@
}
*reference_count = 0;
- UDN_copy = (char *)malloc(strlen(UDN) + 1);
+ UDN_copy = strdup(UDN);
if (UDN_copy == NULL) {
line = __LINE__;
ret = UPNP_E_OUTOF_MEMORY;
goto ExitFunction;
}
- servId_copy = (char *)malloc(strlen(servId) + 1);
+ servId_copy = strdup(servId);
if( servId_copy == NULL ) {
line = __LINE__;
ret = UPNP_E_OUTOF_MEMORY;
goto ExitFunction;
}
-
- memset(UDN_copy, 0, strlen(UDN) + 1);
- strncpy(UDN_copy, UDN, strlen(UDN));
- memset(servId_copy, 0, strlen(servId) + 1);
- strncpy(servId_copy, servId, strlen(servId));
propertySet = ixmlPrintNode((IXML_Node *)PropSet);
if (propertySet == NULL) {
@@ -944,24 +929,19 @@
}
*reference_count = 0;
- UDN_copy = (char *)malloc(strlen(UDN) + 1);
+ UDN_copy = strdup(UDN);
if (UDN_copy == NULL) {
line = __LINE__;
ret = UPNP_E_OUTOF_MEMORY;
goto ExitFunction;
}
- servId_copy = (char *)malloc(strlen(servId) + 1);
+ servId_copy = strdup(servId);
if( servId_copy == NULL ) {
line = __LINE__;
ret = UPNP_E_OUTOF_MEMORY;
goto ExitFunction;
}
-
- memset(UDN_copy, 0, strlen(UDN) + 1);
- strncpy(UDN_copy, UDN, strlen(UDN));
- memset(servId_copy, 0, strlen(servId) + 1);
- strncpy(servId_copy, servId, strlen(servId));
ret = GeneratePropertySet(VarNames, VarValues, var_count, &propertySet);
if (ret != XML_SUCCESS) {
--- a/upnp/src/genlib/net/http/webserver.c
+++ b/upnp/src/genlib/net/http/webserver.c
@@ -795,11 +795,9 @@
Instr->ReadSendSize = FileLength;
if (!ByteRangeSpecifier)
return HTTP_BAD_REQUEST;
- RangeInput = malloc(strlen(ByteRangeSpecifier) + 1);
+ RangeInput = strdup(ByteRangeSpecifier);
if (!RangeInput)
return HTTP_INTERNAL_SERVER_ERROR;
- memset(RangeInput, 0, strlen(ByteRangeSpecifier) + 1);
- strncpy(RangeInput, ByteRangeSpecifier, strlen(ByteRangeSpecifier));
/* CONTENT-RANGE: bytes 222-3333/4000 HTTP_PARTIAL_CONTENT */
if (StrStr(RangeInput, "bytes") == NULL ||
(Ptr = StrStr(RangeInput, "=")) == NULL) {
distrib
>
Mageia
>
5
>
x86_64
>
media
>
core-updates-src
>
by-pkgid
>
f3481c115b42490069a02f2faa8f70d6
>
files
>
1
