X-Original-To: alpine-aports@lists.alpinelinux.org
Received: from digitaltrip.hu (digitaltrip.hu [87.229.24.37])
	by lists.alpinelinux.org (Postfix) with ESMTP id 2694A5C424E
	for <alpine-aports@lists.alpinelinux.org>; Sat,  4 Feb 2017 20:14:01 +0000 (GMT)
Received: from localhost (localhost [127.0.0.1])
	by digitaltrip.hu (Postfix) with ESMTP id DCD23C0369;
	Sat,  4 Feb 2017 21:13:58 +0100 (CET)
Received: from digitaltrip.hu ([127.0.0.1])
	by localhost (digitaltrip.hu [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 8VEI7ZMD2goa; Sat,  4 Feb 2017 21:13:57 +0100 (CET)
Received: from localhost.localdomain (unknown [88.132.202.49])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits))
	(No client certificate requested)
	by digitaltrip.hu (Postfix) with ESMTPSA id C4E6FC0365;
	Sat,  4 Feb 2017 21:13:57 +0100 (CET)
From: Gergo Huszty <huszty.gergo@digitaltrip.hu>
To: alpine-aports@lists.alpinelinux.org
Cc: libesz <huszty.gergo@digitaltrip.hu>
Subject: [alpine-aports] [PATCH] community/minidlna: patch for potential segfaults
Date: Sat,  4 Feb 2017 20:13:54 +0000
Message-Id: <20170204201354.26019-1-huszty.gergo@digitaltrip.hu>
X-Mailer: git-send-email 2.8.3
X-Mailinglist: alpine-aports
Precedence: list
List-Id: Alpine Development <alpine-aports.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-aports+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-aports@lists.alpinelinux.org>
List-Help: <mailto:alpine-aports+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-aports+subscribe@lists.alpinelinux.org?subject=subscribe>

From: libesz <huszty.gergo@digitaltrip.hu>

Nfo parsing related fixes added in a patch.
 - uninitalized string (GetVideoMetadata() - nfo) -> memset to 0
 - stack was kicked with 64k buffer unconditionally (parse_nfo() - buf) -> now it is on heap and malloc'd size depends on filesize
---
 community/minidlna/10-minidlna-nfo.patch | 42 ++++++++++++++++++++++++++++++++
 community/minidlna/APKBUILD              | 14 +++++++----
 2 files changed, 51 insertions(+), 5 deletions(-)
 create mode 100644 community/minidlna/10-minidlna-nfo.patch

diff --git a/community/minidlna/10-minidlna-nfo.patch b/community/minidlna/10-minidlna-nfo.patch
new file mode 100644
index 0000000..8e3497c
--- /dev/null
+++ b/community/minidlna/10-minidlna-nfo.patch
@@ -0,0 +1,42 @@
+--- a/metadata.c
++++ b/metadata.c
+@@ -160,7 +160,7 @@
+ parse_nfo(const char *path, metadata_t *m)
+ {
+ 	FILE *nfo;
+-	char buf[65536];
++	char *buf;
+ 	struct NameValueParserData xml;
+ 	struct stat file;
+ 	size_t nread;
+@@ -172,11 +172,13 @@
+ 		DPRINTF(E_INFO, L_METADATA, "Not parsing very large .nfo file %s\n", path);
+ 		return;
+ 	}
++	buf = malloc(file.st_size+1);
++	memset(buf, '\0', file.st_size+1);
+ 	DPRINTF(E_DEBUG, L_METADATA, "Parsing .nfo file: %s\n", path);
+ 	nfo = fopen(path, "r");
+ 	if( !nfo )
+ 		return;
+-	nread = fread(&buf, 1, sizeof(buf), nfo);
++	nread = fread(buf, 1, file.st_size, nfo);
+ 	
+ 	ParseNameValue(buf, nread, &xml, 0);
+ 
+@@ -230,6 +232,7 @@
+ 
+ 	ClearNameValueList(&xml);
+ 	fclose(nfo);
++	free(buf);
+ }
+ 
+ void
+@@ -676,6 +679,7 @@
+ 
+ 	memset(&m, '\0', sizeof(m));
+ 	memset(&video, '\0', sizeof(video));
++	memset(nfo, '\0', sizeof(nfo));
+ 
+ 	//DEBUG DPRINTF(E_DEBUG, L_METADATA, "Parsing video %s...\n", name);
+ 	if ( stat(path, &file) != 0 )
diff --git a/community/minidlna/APKBUILD b/community/minidlna/APKBUILD
index cab6b58..d66ffdb 100644
--- a/community/minidlna/APKBUILD
+++ b/community/minidlna/APKBUILD
@@ -2,12 +2,13 @@
 # Maintainer: Francesco Colista <francesco.colista@gmail.com>
 pkgname=minidlna
 pkgver=1.1.5
-pkgrel=3
+pkgrel=4
 pkgdesc="A small dlna server"
 url="http://sourceforge.net/projects/minidlna/"
 arch="all"
 license="GPL"
 depends=
+options=
 makedepends="
 	bsd-compat-headers
 	libvorbis-dev
@@ -26,7 +27,7 @@ pkggroups="$pkgname"
 source="http://downloads.sourceforge.net/project/minidlna/minidlna/$pkgver/minidlna-$pkgver.tar.gz
 	$pkgname.initd
 	$pkgname.confd
-	"
+	10-minidlna-nfo.patch"
 
 builddir="$srcdir/$pkgname-$pkgver"
 
@@ -63,10 +64,13 @@ package() {
 
 md5sums="1970e553a1eb8a3e7e302e2ce292cbc4  minidlna-1.1.5.tar.gz
 6dd1ec5560ac30d7a04244101e912d45  minidlna.initd
-59d14c1bf3cd637138bfa58db7255d78  minidlna.confd"
+59d14c1bf3cd637138bfa58db7255d78  minidlna.confd
+ddb2a414261109509a81e2ede03e12ba  10-minidlna-nfo.patch"
 sha256sums="8477ad0416bb2af5cd8da6dde6c07ffe1a413492b7fe40a362bc8587be15ab9b  minidlna-1.1.5.tar.gz
 251e790bb8adb91b4d00dd47543b9b02409879ade0853ebc3bd0fc0184bd485e  minidlna.initd
-67603d65c6bd3918255f050cb5cfd6fc1373b024bca1ce728f03491a90d79e19  minidlna.confd"
+67603d65c6bd3918255f050cb5cfd6fc1373b024bca1ce728f03491a90d79e19  minidlna.confd
+26311a96a6a4a916c150839e46e5c4a2422fe00f1629304e6fb5d7dddacdc84e  10-minidlna-nfo.patch"
 sha512sums="2a8eaa42fcda6f98648f1726af5cdba6d2358c386440dd0de933364cfbd1ced2fee5f883033e1a5a692b760749beb2c12798020a3591ddcea22663102d4f3dfa  minidlna-1.1.5.tar.gz
 e16961bb68c004297f1e26422b1d15bd8583ba2e0e36c88902a45573b685993fff88d2d0dae8c624eaeddb0deca614dbc13b8345f34b4c348961c00b05c0df30  minidlna.initd
-e209848af0d79069ac989ad61d3be610b4c0c2783a207a50463a25ec3811b04d1da3a2acde54749878bec44e1567874ede827b978d5472c00f6a855663e5cbf8  minidlna.confd"
+e209848af0d79069ac989ad61d3be610b4c0c2783a207a50463a25ec3811b04d1da3a2acde54749878bec44e1567874ede827b978d5472c00f6a855663e5cbf8  minidlna.confd
+4be55ca6c4eeabcff7406088fb2cd4623dd8aebc45d81905cb4f1d24b3933a75c07af896ce55aeeb9dfe2598781f1b9e8cf9aff67cbd6fbcf763181642f9b77f  10-minidlna-nfo.patch"
-- 
2.8.3



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---