signalwire · andywolk · Feb 4, 2025 · Jan 30, 2025
diff --git a/libs/xmlrpc-c/lib/abyss/src/handler.c b/libs/xmlrpc-c/lib/abyss/src/handler.c
@@ -305,7 +305,7 @@ sendDirectoryDocument(TList *      const listP,
         if (k > 24) {
             snprintf(z1, sizeof(z1), "%.10s...%s", z, z + k - 11);
             k = 24;
-            p = z1 + 24;
+            p = z1 + k;
         } else {
             snprintf(z1, sizeof(z1), "%s", z);
 

diff --git a/libs/xmlrpc-c/lib/expat/xmlparse/xmlparse.c b/libs/xmlrpc-c/lib/expat/xmlparse/xmlparse.c
@@ -2416,6 +2416,7 @@ doStartTagNoAtts(XML_Parser       const xmlParserP,
         }
         tag->buf = malloc(INIT_TAG_BUF_SIZE);
         if (!tag->buf) {
+            free(tag);
             *errorCodeP = XML_ERROR_NO_MEMORY;
             return;
         }
@@ -3646,8 +3647,10 @@ doProlog(XML_Parser       const xmlParserP,
       switch (tok) {
       case XML_TOK_PARAM_ENTITY_REF:
         *errorCodeP = XML_ERROR_PARAM_ENTITY_REF;
+        break;
       case XML_TOK_XML_DECL:
         *errorCodeP = XML_ERROR_MISPLACED_XML_PI;
+        break;
       default:
         *errorCodeP = XML_ERROR_SYNTAX;
       }

diff --git a/libs/xmlrpc-c/lib/libutil/utf8.c b/libs/xmlrpc-c/lib/libutil/utf8.c
@@ -170,7 +170,7 @@ decodeMultibyte(xmlrpc_env * const envP,
 
    Return the character in UTF-16 format as *wcP.
 -----------------------------------------------------------------------------*/
-    wchar_t wc;
+    wchar_t wc = 0;
 
     assert(utf8_seq[0] & 0x80); /* High bit set: this is multibyte seq */
 

diff --git a/libs/xmlrpc-c/src/xmlrpc_decompose.c b/libs/xmlrpc-c/src/xmlrpc_decompose.c
@@ -181,9 +181,10 @@ releaseDecompArray(struct arrayDecomp const arrayDecomp,
 
 
 static void
-releaseDecompStruct(struct structDecomp const structDecomp,
+releaseDecompStruct(struct structDecomp const *_structDecomp,
                     bool                const oldstyleMemMgmt) {
 
+    struct structDecomp const structDecomp = *_structDecomp;
     unsigned int i;
     for (i = 0; i < structDecomp.mbrCnt; ++i) {
         releaseDecomposition(structDecomp.mbrArray[i].decompTreeP,
@@ -239,7 +240,7 @@ releaseDecomposition(const struct decompTreeNode * const decompRootP,
         releaseDecompArray(decompRootP->store.Tarray, oldstyleMemMgmt);
         break;
     case '{':
-        releaseDecompStruct(decompRootP->store.Tstruct, oldstyleMemMgmt);
+        releaseDecompStruct(&decompRootP->store.Tstruct, oldstyleMemMgmt);
         break;
     }
 }
@@ -259,8 +260,9 @@ decomposeValueWithTree(xmlrpc_env *                  const envP,
 static void
 validateArraySize(xmlrpc_env *         const envP,
                   const xmlrpc_value * const arrayP,
-                  struct arrayDecomp   const arrayDecomp) {
+                  struct arrayDecomp   const *_arrayDecomp) {
 
+    struct arrayDecomp   const arrayDecomp = *_arrayDecomp;
     unsigned int size;
 
     size = xmlrpc_array_size(envP, arrayP);
@@ -284,10 +286,12 @@ validateArraySize(xmlrpc_env *         const envP,
 static void 
 parsearray(xmlrpc_env *         const envP,
            const xmlrpc_value * const arrayP,
-           struct arrayDecomp   const arrayDecomp,
+           struct arrayDecomp   const *_arrayDecomp,
            bool                 const oldstyleMemMgmt) {
 
-    validateArraySize(envP, arrayP, arrayDecomp);
+    struct arrayDecomp   const arrayDecomp = *_arrayDecomp;
+
+    validateArraySize(envP, arrayP, &arrayDecomp);
 
     if (!envP->fault_occurred) {
         unsigned int doneCnt;
@@ -324,9 +328,10 @@ parsearray(xmlrpc_env *         const envP,
 static void 
 parsestruct(xmlrpc_env *        const envP,
             xmlrpc_value *      const structP,
-            struct structDecomp const structDecomp,
+            struct structDecomp const *_structDecomp,
             bool                const oldstyleMemMgmt) {
 
+	struct structDecomp const structDecomp = *_structDecomp;
     unsigned int doneCount;
 
     doneCount = 0;  /* No members done yet */
@@ -569,7 +574,7 @@ decomposeValueWithTree(xmlrpc_env *                  const envP,
                 "%s, but the '(...)' specifier requires type ARRAY",
                 xmlrpc_type_name(xmlrpc_value_type(valueP)));
         else
-            parsearray(envP, valueP, decompRootP->store.Tarray,
+            parsearray(envP, valueP, &decompRootP->store.Tarray,
                        oldstyleMemMgmt);
         break;
 
@@ -580,7 +585,7 @@ decomposeValueWithTree(xmlrpc_env *                  const envP,
                 "%s, but the '{...}' specifier requires type STRUCT",
                 xmlrpc_type_name(xmlrpc_value_type(valueP)));
         else
-            parsestruct(envP, valueP, decompRootP->store.Tstruct,
+            parsestruct(envP, valueP, &decompRootP->store.Tstruct,
                         oldstyleMemMgmt);
         break;
 

diff --git a/libs/xmlrpc-c/src/xmlrpc_server_abyss.c b/libs/xmlrpc-c/src/xmlrpc_server_abyss.c
@@ -179,9 +179,11 @@ sendResponse(xmlrpc_env *      const envP,
 
     ResponseStatus(abyssSessionP, 200);
 
+#if 0 /* Uncomment once http_cookie is not NULL again */
     if (http_cookie)
         /* There's an auth cookie, so pass it back in the response. */
         addAuthCookie(envP, abyssSessionP, http_cookie);
+#endif
 
     if ((size_t)(uint32_t)len != len)
         xmlrpc_faultf(envP, "XML-RPC method generated a response too "

diff --git a/libs/xmlrpc-c/src/xmlrpc_server_cgi.c b/libs/xmlrpc-c/src/xmlrpc_server_cgi.c
@@ -189,6 +189,7 @@ xmlrpc_server_cgi_process_call(xmlrpc_registry * const registryP) {
     size_t input_size, output_size;
     int code;
     char *message;
+    char *err = NULL;
 
     /* Error-handling preconditions. */
     xmlrpc_env_init(&env);
@@ -209,13 +210,13 @@ xmlrpc_server_cgi_process_call(xmlrpc_registry * const registryP) {
     }
     if (!type || !xmlrpc_strneq(type, "text/xml", strlen("text/xml"))) {
 	char *template = "Expected content type: \"text/xml\", received: \"%s\"";
-	size_t err_len = strlen(template) + strlen(type) + 1;
-	char *err = malloc(err_len);
+    size_t err_len = strlen(template) + (type ? strlen(type) : 0) + 1;
 
-	(void)snprintf(err, err_len, template, type);
+    err = malloc(err_len);
+
+    (void)snprintf(err, err_len, template, (type ? type : ""));
         code = 400; message = "Bad Request";
         XMLRPC_FAIL(&env, XMLRPC_INTERNAL_ERROR, err);
-	free(err);
     }
     if (!length_str) {
         code = 411; message = "Length Required";
@@ -254,6 +255,8 @@ xmlrpc_server_cgi_process_call(xmlrpc_registry * const registryP) {
     send_xml(output_data, output_size);
 
  cleanup:
+    if (err)
+        free(err);
     if (input)
         xmlrpc_mem_block_free(input);
     if (output)