[minissdpc.c] Index out of bounds for type 'char[3]' #3

Open
Coeur opened this issue Nov 11, 2023 · 2 comments

Coeur commented Nov 11, 2023

In the current version used by Transmission (which is e37cde8 from July 2017), minissdpc.c is causing undefined behavior on these lines:

miniupnpc/minissdpc.c

Lines 863 to 868 in e37cde8

```c
tmp->buffer[urlsize] = '\0';
memcpy(tmp->st, st, stsize);
tmp->buffer[urlsize+1+stsize] = '\0';
if(usn != NULL)
	memcpy(tmp->usn, usn, usnsize);
tmp->buffer[urlsize+1+stsize+1+usnsize] = '\0';
```

```
minissdpc.c:863 Index 37 out of bounds for type 'char[3]'
minissdpc.c:865 Index 89 out of bounds for type 'char[3]'
minissdpc.c:868 Index 184 out of bounds for type 'char[3]'
```


I do not know if it's fixed or not in newer versions of miniupnpc: let's adopt a newer version and see from there.
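The sanitizer reports name the type `char[3]`, so the indexed `buffer` is declared with three elements while the code writes far past index 2. As an added example (not code from miniupnpc or Transmission), here is the same three-string layout built on a C99 flexible array member, which has no declared bound for the index to exceed. It assumes `buffer` is the last member of the struct with the string space allocated behind it; `struct dev_fam`, its `url` field and `dev_fam_new` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record modelled on the fields visible in the excerpt
 * (st, usn, buffer); this is not the project's struct definition. */
struct dev_fam {
    char *url;      /* points into buffer */
    char *st;       /* points into buffer */
    char *usn;      /* points into buffer */
    char buffer[];  /* flexible array member instead of char buffer[3] */
};

/* Build one record holding three length-delimited strings, each
 * NUL-terminated inside the single trailing buffer. url and st must be
 * non-NULL; usn may be NULL (stored as an empty string).
 * Returns NULL on size overflow or allocation failure. */
struct dev_fam *dev_fam_new(const char *url, size_t urlsize,
                            const char *st, size_t stsize,
                            const char *usn, size_t usnsize)
{
    if (usn == NULL)
        usnsize = 0;
    /* Reject sizes whose sum would wrap before it reaches malloc(). */
    size_t max = SIZE_MAX - sizeof(struct dev_fam) - 3;
    if (urlsize > max || stsize > max - urlsize ||
        usnsize > max - urlsize - stsize)
        return NULL;
    size_t tail = urlsize + 1 + stsize + 1 + usnsize + 1;
    struct dev_fam *d = malloc(sizeof(*d) + tail);
    if (d == NULL)
        return NULL;
    /* Same offsets as the excerpt, expressed through the pointers. */
    d->url = d->buffer;
    d->st  = d->buffer + urlsize + 1;
    d->usn = d->st + stsize + 1;
    memcpy(d->url, url, urlsize);
    d->url[urlsize] = '\0';
    memcpy(d->st, st, stsize);
    d->st[stsize] = '\0';
    if (usn != NULL)
        memcpy(d->usn, usn, usnsize);
    d->usn[usnsize] = '\0';
    return d;
}
```

Building both variants with `-fsanitize=bounds` shows the difference: the `char buffer[3]` declaration produces reports like the ones above, the flexible array member does not.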

@Neustradamus

Coeur commented Dec 20, 2023

There was an attempt to update it 1.5 years ago, but it got abandoned on Windows build issues (@ckerr):
transmission/transmission#3020
Feel free to try a pull request yourself, @Neustradamus
