X-Git-Url: http://www.project-moonshot.org/gitweb/?p=libeap.git;a=blobdiff_plain;f=src%2Fwps%2Fwps_upnp.c;h=4825d2a967e0e3dff9bae6892c0e00ff0615a5ad;hp=9108caa8479f9405abafb7f065f327566ac5f38e;hb=75c3fc2e8a8a63db0b31d4084cd199b6a44d73c7;hpb=75779589e889712c29c98f0515382be9335466c3

diff --git a/src/wps/wps_upnp.c b/src/wps/wps_upnp.c
index 9108caa..4825d2a 100644
--- a/src/wps/wps_upnp.c
+++ b/src/wps/wps_upnp.c
@@ -3,7 +3,7 @@
  * Copyright (c) 2000-2003 Intel Corporation
  * Copyright (c) 2006-2007 Sony Corporation
  * Copyright (c) 2008-2009 Atheros Communications
- * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2009-2010, Jouni Malinen <j@w1.fi>
  *
  * See below for more details on licensing and code history.
  */
@@ -293,7 +293,8 @@ static void subscr_addr_free_all(struct subscription *s)
 
 
 /* subscr_addr_add_url -- add address(es) for one url to subscription */
-static void subscr_addr_add_url(struct subscription *s, const char *url)
+static void subscr_addr_add_url(struct subscription *s, const char *url,
+				size_t url_len)
 {
 	int alloc_len;
 	char *scratch_mem = NULL;
@@ -309,17 +310,19 @@ static void subscr_addr_add_url(struct subscription *s, const char *url)
 	int rerr;
 
 	/* url MUST begin with http: */
-	if (os_strncasecmp(url, "http://", 7))
+	if (url_len < 7 || os_strncasecmp(url, "http://", 7))
 		goto fail;
 	url += 7;
+	url_len -= 7;
 
 	/* allocate memory for the extra stuff we need */
-	alloc_len = (2 * (os_strlen(url) + 1));
+	alloc_len = 2 * (url_len + 1);
 	scratch_mem = os_zalloc(alloc_len);
 	if (scratch_mem == NULL)
 		goto fail;
 	mem = scratch_mem;
-	strcpy(mem, url);
+	os_strncpy(mem, url, url_len);
+	wpa_printf(MSG_DEBUG, "WPS UPnP: Adding URL '%s'", mem);
 	domain_and_port = mem;
 	mem += 1 + os_strlen(mem);
 	delim = os_strchr(domain_and_port, '/');
@@ -331,7 +334,7 @@ static void subscr_addr_add_url(struct subscription *s, const char *url)
 	}
 	domain = mem;
 	strcpy(domain, domain_and_port);
-	delim = strchr(domain, ':');
+	delim = os_strchr(domain, ':');
 	if (delim) {
 		*delim++ = 0;   /* null terminate domain */
 		if (isdigit(*delim))
@@ -386,7 +389,7 @@ static void subscr_addr_add_url(struct subscription *s, const char *url)
 		if (path[0] != '/')
 			*mem++ = '/';
 		strcpy(mem, path);
-		mem += 1 + strlen(mem);
+		mem += 1 + os_strlen(mem);
 		os_memcpy(&a->saddr, rp->ai_addr, sizeof(a->saddr));
 		a->saddr.sin_port = htons(port);
 
@@ -406,7 +409,8 @@ fail:
 static void subscr_addr_list_create(struct subscription *s,
 				    const char *url_list)
 {
-	char *end;
+	const char *end;
+	wpa_printf(MSG_DEBUG, "WPS UPnP: Parsing URL list '%s'", url_list);
 	for (;;) {
 		while (*url_list == ' ' || *url_list == '\t')
 			url_list++;
@@ -416,9 +420,8 @@ static void subscr_addr_list_create(struct subscription *s,
 		end = os_strchr(url_list, '>');
 		if (end == NULL)
 			break;
-		*end++ = 0;
-		subscr_addr_add_url(s, url_list);
-		url_list = end;
+		subscr_addr_add_url(s, url_list, end - url_list);
+		url_list = end + 1;
 	}
 }