packages/libupnp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2020-13848

Browse Source 
(cherry picked from commit fadd3bfc05c40d1a77b4cfa17b981a7b18918e56)
This commit is contained in:
lvhan 2021-02-01 10:49:43 +08:00 committed by openeuler-sync-bot
parent 8f4a8ad60a
commit 3f59c2f0e1
2 changed files with 57 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
CVE-2020-13848.patch Normal file
View File

@ -0,0 +1,51 @@
From d22c6cf5878d8919cd7eb612269555c6fa0c296a Mon Sep 17 00:00:00 2001
From: lvhan <lvhan@kylinos.cn>
Date: Mon, 1 Feb 2021 10:47:36 +0800
Subject: [PATCH] CVE-2020-13848
---
upnp/src/genlib/service_table/service_table.c | 21 ++++++++++---------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/upnp/src/genlib/service_table/service_table.c b/upnp/src/genlib/service_table/service_table.c
index 98c2c0f..b74fd1c 100644
--- a/upnp/src/genlib/service_table/service_table.c
+++ b/upnp/src/genlib/service_table/service_table.c
@@ -300,11 +300,11 @@ FindServiceEventURLPath( service_table * table,
uri_type parsed_url;
uri_type parsed_url_in;
- if( ( table )
- &&
- ( parse_uri( eventURLPath,
- strlen( eventURLPath ),
- &parsed_url_in ) == HTTP_SUCCESS ) ) {
+ if (!table || !eventURLPath) {
+ return NULL;
+ }
+ if (parse_uri(eventURLPath, strlen(eventURLPath), &parsed_url_in) ==
+ HTTP_SUCCESS) {
finger = table->serviceList;
while( finger ) {
@@ -352,11 +352,12 @@ FindServiceControlURLPath( service_table * table,
uri_type parsed_url;
uri_type parsed_url_in;
- if( ( table )
- &&
- ( parse_uri
- ( controlURLPath, strlen( controlURLPath ),
- &parsed_url_in ) == HTTP_SUCCESS ) ) {
+ if (!table || !controlURLPath) {
+ return NULL;
+ }
+ if (parse_uri(controlURLPath, strlen(controlURLPath), &parsed_url_in) ==
+ HTTP_SUCCESS) {
+
finger = table->serviceList;
while( finger ) {
if( finger->controlURL )
--
2.29.2.windows.2

7
libupnp.spec
View File

@ -1,12 +1,13 @@
Version: 1.8.4 Version: 1.8.4
Summary: Universal Plug and Play (UPnP) SDK Summary: Universal Plug and Play (UPnP) SDK
Name: libupnp Name: libupnp
Release: 2 Release: 3
License: BSD License: BSD
URL: https://sourceforge.net/projects/pupnp URL: https://sourceforge.net/projects/pupnp
Source: https://downloads.sourceforge.net/pupnp/%{name}-%{version}.tar.bz2 Source: https://downloads.sourceforge.net/pupnp/%{name}-%{version}.tar.bz2
Patch0: libupnp-1.8.4-nobump.patch Patch0: libupnp-1.8.4-nobump.patch
Patch1: 96.patch Patch1: 96.patch
Patch2: CVE-2020-13848.patch
BuildRequires: gcc autoconf automake BuildRequires: gcc autoconf automake
@ -28,6 +29,7 @@ the UPnP SDK libraries.
%setup -q %setup -q
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
%patch2 -p1
autoreconf autoreconf
%build %build
@ -61,6 +63,9 @@ sed -i.rpath 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
%{_libdir}/pkgconfig/libupnp.pc %{_libdir}/pkgconfig/libupnp.pc
%changelog %changelog
* Mon Feb 1 2021 lvhan <lvhan@kylinos.com> - 1.8.4-3
- Fixes CVE-2020-13848
* Mon Dec 28 2020 Ge Wang <wangge20@huawei.com> - 1.8.4-2 * Mon Dec 28 2020 Ge Wang <wangge20@huawei.com> - 1.8.4-2
- Remove redundancy %{?dist} - Remove redundancy %{?dist}