After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 674322 - gupnp-protocol-info.c:parse_additional_info contains a possible memory corruption error
gupnp-protocol-info.c:parse_additional_info contains a possible memory corrup...
Status: RESOLVED FIXED
Product: gupnp-av
Classification: Other
Component: General
unspecified
Other Linux
: Normal major
: ---
Assigned To: GUPnP Maintainers
GUPnP Maintainers
Depends on:
Blocks:
 
 
Reported: 2012-04-18 12:06 UTC by Mark Ryan
Modified: 2019-02-22 05:57 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
Patch to fix a memory corruption error in gupnp-protocol-info.c (1.12 KB, patch)
2012-04-18 12:06 UTC, Mark Ryan 		accepted-commit_now Details | Review
Version 2 of the patch, containing spaces instead of tabs (1.17 KB, patch)
2012-04-18 13:14 UTC, Mark Ryan 		committed Details | Review

Description Mark Ryan 2012-04-18 12:06:33 UTC 
Created attachment 212283 [details] [review]
Patch to fix a memory corruption error in gupnp-protocol-info.c

The problem occurs when parsing a protocol info string whose additional info contains a DLNA.ORG_FLAGS value that is less than 8 characters in length, e.g.,:::DLNA.ORG_FLAGS=

I realise this string is invalid but I guess there is nothing stopping a malicious or a broken DMS from specifying such a value.
Comment 1 Jens Georg 2012-04-18 12:28:25 UTC 
Review of attachment 212283 [details] [review]:

Ok
Comment 2 Mark Ryan 2012-04-18 13:14:01 UTC 
Created attachment 212292 [details] [review]
Version 2 of the patch, containing spaces instead of tabs

I've updated the patch to use spaces instead of tabs.  My editor was incorrectly configured when I created the first patch.