Avoid malicious client exploit to exhaust the device's memory
Suppose the UPnP device is listening on 192.168.1.102:49152. Use the following to send
garbage bytes to the device:
while true; do echo "\""; done | netcat 192.168.1.102 49152
The device just keeps receiving these bytes and its memory usage keeps growing.
Malicious client may exploit it to exhaust the device's memory.
The attached patch eliminates this possibility.
(cherry picked from commit 9a9c4e829e
)
This commit is contained in:
parent
2c663643dd
commit
1a8a8228e4
11
ChangeLog
11
ChangeLog
@ -357,6 +357,17 @@ Version 1.8.0
|
||||
Version 1.6.19
|
||||
*******************************************************************************
|
||||
|
||||
2013-09-02 Peng <howtofly(at)gmail.com>
|
||||
|
||||
Suppose the UPnP device is listening on 192.168.1.102:49152. Use the following to send
|
||||
garbage bytes to the device:
|
||||
while true; do echo "\""; done | netcat 192.168.1.102 49152
|
||||
|
||||
The device just keeps receiving these bytes and its memory usage keeps growing.
|
||||
Malicious client may exploit it to exhaust the device's memory.
|
||||
|
||||
The attached patch eliminates this possibility.
|
||||
|
||||
2013-09-02 Peng <howtofly(at)gmail.com>
|
||||
|
||||
1) restore the scanner's original cursor position in case of
|
||||
|
@ -382,6 +382,7 @@ int http_RecvMessage(
|
||||
ret = 0;
|
||||
goto ExitFunction;
|
||||
case PARSE_FAILURE:
|
||||
case PARSE_NO_MATCH:
|
||||
*http_error_code = parser->http_error_code;
|
||||
line = __LINE__;
|
||||
ret = UPNP_E_BAD_HTTPMSG;
|
||||
|
Loading…
Reference in New Issue
Block a user