<div dir="ltr">Hi Philip,<div><br></div><div>Sorry for the delay.</div><div><br></div><div>I have applied your patches with a small modification to patch number 5 that was not compiling due to the use of "inline" in the function "is_end_path()".</div><div><br></div><div>Regards,</div><div>Marcelo.</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, May 1, 2014 at 5:26 PM, Philipp Matthias Hahn <span dir="ltr"><<a href="mailto:pmhahn@pmhahn.de" target="_blank">pmhahn@pmhahn.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
<br>
today I tried to debug a problem of VLC no longer being able to browse<br>
the MythTV UPnP server, which was reported in<br>
<<a href="http://www.mythtv.org/pipermail/mythtv-users/2013-October/354498.html" target="_blank">http://www.mythtv.org/pipermail/mythtv-users/2013-October/354498.html</a>>.<br>
<br>
It's a bug in src/genlib/net/uri/uri.c:581 resolve_rel_url(), which can<br>
be demonstrated by the following short programm:<br>
<br>
#include <stdlib.h><br>
#include <stdio.h><br>
#include <string.h><br>
<br>
const char psz_base_url[] = "<a href="http://192.168.178.33:6544/getDeviceDesc" target="_blank">http://192.168.178.33:6544/getDeviceDesc</a>";<br>
const char psz_event_sub_url[] = "CDS_Event";<br>
<br>
int main(void) {<br>
int ret;<br>
char *psz_url = (char *)malloc(strlen(psz_base_url) + strlen(psz_event_sub_url) + 1);<br>
<br>
ret = UpnpResolveURL(psz_base_url, psz_event_sub_url, psz_url);<br>
printf("%d %s\n", ret, psz_url);<br>
return 0;<br>
}<br>
<br>
It returns<br>
"<a href="http://192.168.178.33:6544/CDS_EventDesc" target="_blank">http://192.168.178.33:6544/CDS_EventDesc</a>"<br>
instead of<br>
"<a href="http://192.168.178.33:6544/CDS_Event" target="_blank">http://192.168.178.33:6544/CDS_Event</a>"; notice the trailing "Desc".<br>
<br>
<br>
This is causes by commit 0edaf336:<br>
Remove most of strcpy, sprintf and strcat<br>
<br>
Replace strcpy, sprintf and strcat by strncpy, snprintf and strncat to<br>
avoid buffer overflows.<br>
<br>
(forward port of commit 97a17ff5add73c97844e2fa74456bab4df0800f1)<br>
<br>
which blindly replaces several<br>
strcpy(dest, src)<br>
by<br>
strncpy(dest, src, strlen(src))<br>
, which are NOT equivalent, as strlen() returns the length without the<br>
ending '\0'. Thus the string is not terminated!<br>
<br>
<br>
I reviewed that commit and changed several cases to simply use strdup()<br>
instead of using strlen() every time.<br>
Fixing resolve_rel_url() took a lot longer than expected, because there<br>
were other problems hiding:<br>
1. The conversion from if() to switch() broke the getaddrinfo() logic,<br>
2. remove_dots() did not handle all cases from RFC 3986 correctly,<br>
3. resolve_rel_url() did not handle queries and fragments correctly.<br>
<br>
Please find attached my patch set including a new unit test; whith those<br>
applied I'm no able to at least get VLC to connect to MythTV using UPnP.<br>
But VLC/MythTV now has different problem...<br>
<br>
Sincerely<br>
<span class="HOEnZb"><font color="#888888">Philipp<br>
--<br>
/ / (_)__ __ ____ __ Philipp Hahn<br>
/ /__/ / _ \/ // /\ \/ /<br>
/____/_/_//_/\_,_/ /_/\_\ <a href="mailto:pmhahn@pmhahn.de">pmhahn@pmhahn.de</a><br>
</font></span></blockquote></div><br></div>