From 162c6843b6a85d27398c8272d7efc0998e550328 Mon Sep 17 00:00:00 2001
From: libesz
Date: Sat, 4 Feb 2017 20:13:54 +0000
Subject: community/minidlna: patch for potential segfaults

Nfo parsing related fixes added in a patch.
- uninitalized string (GetVideoMetadata() - nfo) -> memset to 0
- stack was kicked with 64k buffer unconditionally (parse_nfo() - buf) -> now it is on heap and malloc'd size depends on filesize
---
community/minidlna/10-minidlna-nfo.patch | 44 ++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100644 community/minidlna/10-minidlna-nfo.patch
(limited to 'community/minidlna/10-minidlna-nfo.patch')
diff --git a/community/minidlna/10-minidlna-nfo.patch b/community/minidlna/10-minidlna-nfo.patch
new file mode 100644
index 0000000000..fd0049faa1
--- /dev/null
+++ b/community/minidlna/10-minidlna-nfo.patch
@@ -0,0 +1,44 @@
+https://sourceforge.net/p/minidlna/bugs/294/
+
+--- a/metadata.c
++++ b/metadata.c
+@@ -160,7 +160,7 @@
+ parse_nfo(const char *path, metadata_t *m)
+ {
+ FILE *nfo;
+- char buf[65536];
++ char *buf;
+ struct NameValueParserData xml;
+ struct stat file;
+ size_t nread;
+@@ -172,11 +172,13 @@
+ DPRINTF(E_INFO, L_METADATA, "Not parsing very large .nfo file %s\n", path);
+ return;
+ }
++ buf = malloc(file.st_size+1);
++ memset(buf, '\0', file.st_size+1);
+ DPRINTF(E_DEBUG, L_METADATA, "Parsing .nfo file: %s\n", path);
+ nfo = fopen(path, "r");
+ if( !nfo )
+ return;
+- nread = fread(&buf, 1, sizeof(buf), nfo);
++ nread = fread(buf, 1, file.st_size, nfo);
+
+ ParseNameValue(buf, nread, &xml, 0);
+
+@@ -230,6 +232,7 @@
+
+ ClearNameValueList(&xml);
+ fclose(nfo);
++ free(buf);
+ }
+
+ void
+@@ -676,6 +679,7 @@
+
+ memset(&m, '\0', sizeof(m));
+ memset(&video, '\0', sizeof(video));
++ memset(nfo, '\0', sizeof(nfo));
+
+ //DEBUG DPRINTF(E_DEBUG, L_METADATA, "Parsing video %s...\n", name);
+ if ( stat(path, &file) != 0 )
-- 
cgit v1.2.3
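Review bot: In the second metadata.c hunk, `buf = malloc(file.st_size+1);` is handed straight to memset() without a NULL check, and the unchanged `if( !nfo ) return;` a few lines below now leaks buf every time fopen() fails. Opening the file before allocating removes the leak: keep `if( !nfo ) return;`, then `buf = calloc(1, file.st_size+1);` followed by `if( !buf ) { fclose(nfo); return; }`. The guard that logs "Not parsing very large .nfo file" starts above the hunk, so the upper bound on file.st_size is not visible here; a short comment at the allocation naming that bound would make the sizing reviewable. In the last hunk, `memset(nfo, '\0', sizeof(nfo));` clears the whole buffer only if nfo is declared as an array in GetVideoMetadata(), and that declaration is outside the hunk.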