Gergo Huszty: 1 community/minidlna: patch for potential segfaults 2 files changed, 51 insertions(+), 5 deletions(-)
Copy & paste the following snippet into your terminal to import this patchset into git:
curl -s https://lists.alpinelinux.org/~alpine/aports/patches/1648/mbox | git am -3Learn more about email & git
From: libesz <huszty.gergo@digitaltrip.hu> Nfo parsing related fixes added in a patch. - uninitalized string (GetVideoMetadata() - nfo) -> memset to 0 - stack was kicked with 64k buffer unconditionally (parse_nfo() - buf) -> now it is on heap and malloc'd size depends on filesize --- community/minidlna/10-minidlna-nfo.patch | 42 ++++++++++++++++++++++++++++++++ community/minidlna/APKBUILD | 14 +++++++---- 2 files changed, 51 insertions(+), 5 deletions(-) create mode 100644 community/minidlna/10-minidlna-nfo.patch diff --git a/community/minidlna/10-minidlna-nfo.patch b/community/minidlna/10-minidlna-nfo.patch new file mode 100644 index 0000000..8e3497c --- /dev/null +++ b/community/minidlna/10-minidlna-nfo.patch @@ -0,0 +1,42 @@ +--- a/metadata.c ++++ b/metadata.c +@@ -160,7 +160,7 @@ + parse_nfo(const char *path, metadata_t *m) + { + FILE *nfo; +- char buf[65536]; ++ char *buf; + struct NameValueParserData xml; + struct stat file; + size_t nread; +@@ -172,11 +172,13 @@ + DPRINTF(E_INFO, L_METADATA, "Not parsing very large .nfo file %s\n", path); + return; + } ++ buf = malloc(file.st_size+1);
Timo Teras <timo.teras@iki.fi>The return value should be checked for out-of-memory. Additionally the code above checks for maximum of 65536, so using malloc does not help much here. Large files seem to be ignored intentionally. Though, if this fixes issues it's probably due to reducing stack usage. It might be better to increase default stack size, as large stack buffers might be used elsewhere.
++ memset(buf, '\0', file.st_size+1); + DPRINTF(E_DEBUG, L_METADATA, "Parsing .nfo file: %s\n", path); + nfo = fopen(path, "r"); + if( !nfo ) + return; +- nread = fread(&buf, 1, sizeof(buf), nfo); ++ nread = fread(buf, 1, file.st_size, nfo); + + ParseNameValue(buf, nread, &xml, 0); + +@@ -230,6 +232,7 @@ + + ClearNameValueList(&xml); + fclose(nfo); ++ free(buf); + } + + void +@@ -676,6 +679,7 @@ + + memset(&m, '\0', sizeof(m)); + memset(&video, '\0', sizeof(video)); ++ memset(nfo, '\0', sizeof(nfo)); + + //DEBUG DPRINTF(E_DEBUG, L_METADATA, "Parsing video %s...\n", name); + if ( stat(path, &file) != 0 )
Timo Teras <timo.teras@iki.fi>This probable does not fix anything. nfo is strcpy:ied to. > @@ -63,10 +64,13 @@ package() { > > md5sums="1970e553a1eb8a3e7e302e2ce292cbc4 minidlna-1.1.5.tar.gz > 6dd1ec5560ac30d7a04244101e912d45 minidlna.initd > -59d14c1bf3cd637138bfa58db7255d78 minidlna.confd" > +59d14c1bf3cd637138bfa58db7255d78 minidlna.confd > +ddb2a414261109509a81e2ede03e12ba 10-minidlna-nfo.patch" > sha256sums="8477ad0416bb2af5cd8da6dde6c07ffe1a413492b7fe40a362bc8587be15ab9b Checksum did not match. There was changes to it after last 'abuild checksum' ? --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---
diff --git a/community/minidlna/APKBUILD b/community/minidlna/APKBUILD index cab6b58..d66ffdb 100644 --- a/community/minidlna/APKBUILD +++ b/community/minidlna/APKBUILD @@ -2,12 +2,13 @@ # Maintainer: Francesco Colista <francesco.colista@gmail.com> pkgname=minidlna pkgver=1.1.5 -pkgrel=3 +pkgrel=4 pkgdesc="A small dlna server" url="http://sourceforge.net/projects/minidlna/" arch="all" license="GPL" depends= +options= makedepends=" bsd-compat-headers libvorbis-dev @@ -26,7 +27,7 @@ pkggroups="$pkgname" source="http://downloads.sourceforge.net/project/minidlna/minidlna/$pkgver/minidlna-$pkgver.tar.gz $pkgname.initd $pkgname.confd - " + 10-minidlna-nfo.patch" builddir="$srcdir/$pkgname-$pkgver" @@ -63,10 +64,13 @@ package() { md5sums="1970e553a1eb8a3e7e302e2ce292cbc4 minidlna-1.1.5.tar.gz 6dd1ec5560ac30d7a04244101e912d45 minidlna.initd -59d14c1bf3cd637138bfa58db7255d78 minidlna.confd" +59d14c1bf3cd637138bfa58db7255d78 minidlna.confd +ddb2a414261109509a81e2ede03e12ba 10-minidlna-nfo.patch" sha256sums="8477ad0416bb2af5cd8da6dde6c07ffe1a413492b7fe40a362bc8587be15ab9b minidlna-1.1.5.tar.gz 251e790bb8adb91b4d00dd47543b9b02409879ade0853ebc3bd0fc0184bd485e minidlna.initd -67603d65c6bd3918255f050cb5cfd6fc1373b024bca1ce728f03491a90d79e19 minidlna.confd" +67603d65c6bd3918255f050cb5cfd6fc1373b024bca1ce728f03491a90d79e19 minidlna.confd +26311a96a6a4a916c150839e46e5c4a2422fe00f1629304e6fb5d7dddacdc84e 10-minidlna-nfo.patch" sha512sums="2a8eaa42fcda6f98648f1726af5cdba6d2358c386440dd0de933364cfbd1ced2fee5f883033e1a5a692b760749beb2c12798020a3591ddcea22663102d4f3dfa minidlna-1.1.5.tar.gz e16961bb68c004297f1e26422b1d15bd8583ba2e0e36c88902a45573b685993fff88d2d0dae8c624eaeddb0deca614dbc13b8345f34b4c348961c00b05c0df30 minidlna.initd -e209848af0d79069ac989ad61d3be610b4c0c2783a207a50463a25ec3811b04d1da3a2acde54749878bec44e1567874ede827b978d5472c00f6a855663e5cbf8 minidlna.confd" +e209848af0d79069ac989ad61d3be610b4c0c2783a207a50463a25ec3811b04d1da3a2acde54749878bec44e1567874ede827b978d5472c00f6a855663e5cbf8 minidlna.confd +4be55ca6c4eeabcff7406088fb2cd4623dd8aebc45d81905cb4f1d24b3933a75c07af896ce55aeeb9dfe2598781f1b9e8cf9aff67cbd6fbcf763181642f9b77f 10-minidlna-nfo.patch" -- 2.8.3 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---
Huszty Gergő <huszty.gergo@digitaltrip.hu>Hi, Forgot to mention that it is also reported to the minidlna project: https://sourceforge.net/p/minidlna/bugs/294/ Br, Gergo 2017-02-04 21:13 időpontban Gergo Huszty ezt írta: