Fixes CVE-2023-33476:
ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 are vulnerable
to a buffer overflow. The vulnerability is caused by incorrect
validation logic when handling HTTP requests using chunked transport
encoding. This results in other code later using attacker-controlled
chunk values that exceed the length of the allocated buffer,
resulting in out-of-bounds read/write.
Signed-off-by: Robert Högberg <robert.hogberg@gmail.com>
include $(TOPDIR)/rules.mk
PKG_NAME:=minidlna
-PKG_VERSION:=1.3.2
+PKG_VERSION:=1.3.3
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/minidlna
-PKG_HASH:=222ce45a1a60c3ce3de17527955d38e5ff7a4592d61db39577e6bf88e0ae1cb0
+PKG_HASH:=39026c6d4a139b9180192d1c37225aa3376fdf4f1a74d7debbdbb693d996afa4
PKG_MAINTAINER:=
PKG_LICENSE:=GPL-2.0-or-later BSD-3-Clause
{
int ret;
-@@ -1301,7 +1301,7 @@ BrowseContentDirectory(struct upnphttp *
+@@ -1305,7 +1305,7 @@ BrowseContentDirectory(struct upnphttp *
"<Result>"
"<DIDL-Lite"
CONTENT_DIRECTORY_SCHEMAS;
char *zErrMsg = NULL;
char *sql, *ptr;
struct Response args;
-@@ -1823,7 +1823,7 @@ SearchContentDirectory(struct upnphttp *
+@@ -1828,7 +1828,7 @@ SearchContentDirectory(struct upnphttp *
"<Result>"
"<DIDL-Lite"
CONTENT_DIRECTORY_SCHEMAS;