GNOME Bugzilla – Bug 711063
Assorted bug fixes
Last modified: 2015-05-20 12:14:14 UTC
From a downstream check.
Created attachment 258425
Use strlen() instead of hard-coding string length
This avoids hard-to-detect bugs when we want a different string length, and will be optimised by the compiler anyway.
Created attachment 258426
Avoid OOB read with buggy servers
If the server doesn't start the Content-Range field with "bytes=" we would have an out-of-bounds read trying to parse the content of that field. Fall back to a 0 offset when a parsing error occurs.
See https://bugzilla.redhat.com/show_bug.cgi?id=1024020
Created attachment 258427
Fix clang warning
dmap-md5.c:187:26: warning: 'memset' call operates on objects of type 'MD5_CTX' while the size is based on a different type 'MD5_CTX *' [-Wsizeof-pointer-memaccess]
        memset (ctx, 0, sizeof (ctx)); /* In case it's sensitive */
                ~~~             ^~~
That should be "sizeof(*ctx)" instead.
See https://bugzilla.redhat.com/show_bug.cgi?id=1023528
Fixed in Git master. May I have access to the Red Hat bugs?
(In reply to comment #4)
> Fixed in Git master. May I have access to the Red Hat bugs?
Done.
I just released libdmapsharing 2.9.24, and this release includes the patches above.
This failed QE checking on the downstream report
Review of attachment 258426 [details] [review]: ::: libdmapsharing/daap-share.c @@ +923,3 @@ gchar *content_range; + if (!g_ascii_strncasecmp (range_header, "bytes=", strlen("bytes="))) { the check here is inverted since strcmp returns 0 not TRUE on match. I'd recommend using g_str_has_prefix() instead.
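Review bot: In the added `if` in libdmapsharing/daap-share.c, the leading `!` on g_ascii_strncasecmp() makes the condition true when range_header does start with "bytes=", because the function returns 0 on a match; spell the comparison out (`!= 0` for the no-prefix case) so the branch that handles a missing prefix is unambiguous. If the call is replaced with g_str_has_prefix(), note that g_str_has_prefix() compares case-sensitively while the g_ascii_strncasecmp() call in this hunk ignores case, so a header such as "Bytes=..." would be treated differently; the replacement should state which behaviour is intended.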
Created attachment 274064
Fix incorrect fix for OOB reads with buggy servers
3e347fd3e8e7e20afc562268f27fd3c2b79f4d0e tried to fix problems with servers that had incorrect values in the Content-Range field, except that the condition was reversed.
Correct g_ascii_strncasecmp() usage by using g_str_has_prefix() instead.
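The reversed condition and a corrected prefix check, side by side, as an added example that is not libdmapsharing's code. It assumes POSIX strncasecmp() and strtoll() in place of the GLib calls; the function names are hypothetical, and treating non-numeric or negative values as parse errors is a choice made here.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

#define RANGE_PREFIX "bytes="

/* Shape of the first patch (hypothetical name): strncasecmp() returns 0
 * on a match, so the negated test sends well-formed headers to the
 * fallback and malformed ones to the pointer arithmetic. */
static long long offset_inverted(const char *range_header)
{
    if (!strncasecmp(range_header, RANGE_PREFIX, strlen(RANGE_PREFIX)))
        return 0;
    /* Reached only when the prefix is absent: for a header shorter than
     * the prefix this pointer is past the terminating NUL. */
    return atoll(range_header + strlen(RANGE_PREFIX));
}

/* Corrected form (hypothetical name): skip the prefix only after
 * confirming it is present; fall back to offset 0 on any parse error. */
static long long offset_checked(const char *range_header)
{
    const char *s;
    char *end;
    long long off;

    if (range_header == NULL ||
        strncasecmp(range_header, RANGE_PREFIX, strlen(RANGE_PREFIX)) != 0)
        return 0;
    s = range_header + strlen(RANGE_PREFIX);
    errno = 0;
    off = strtoll(s, &end, 10);
    if (end == s || errno == ERANGE || off < 0)
        return 0;   /* no digits, overflow, or negative value */
    return off;
}

int main(void)
{
    /* Constructed sample header values, not captured traffic. */
    const char *samples[] = { "bytes=1024-", "BYTES=7", "b", "", "bytes=abc" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("\"%s\" -> %lld\n", samples[i], offset_checked(samples[i]));
    return 0;
}
```

offset_inverted() is only safe to call with a header that carries the prefix; it is kept to show why a well-formed header yielded offset 0 after the first patch.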
Fixed in libdmapsharing 2.9.25. Thank you.
Comment on attachment 274064
Fix incorrect fix for OOB reads with buggy servers
Was committed in fbfd169b581d328df1b977dbcce6d2385bd271be