Avoid malicious client exploit to exhaust the device's memory

Suppose the UPnP device is listening on 192.168.1.102:49152. Use the following to send garbage bytes to the device: while true; do echo "\""; done | netcat 192.168.1.102 49152 The device just keeps receiving these bytes and its memory usage keeps growing. Malicious client may exploit it to exhaust the device's memory. The attached patch eliminates this possibility.
2013-09-02 14:56:11 -03:00 · 2013-09-02 14:56:11 -03:00 · 9a9c4e829e
commit 9a9c4e829e
parent 7a571f513e
2 changed files with 12 additions and 0 deletions
--- a/11
+++ b/11
@ -2,6 +2,17 @@
 Version 1.6.19
 *******************************************************************************

+2013-09-02 Peng <howtofly(at)gmail.com>
+
+	Suppose the UPnP device is listening on 192.168.1.102:49152. Use the following to send
+	garbage bytes to the device:
+	while true; do echo "\""; done | netcat 192.168.1.102 49152
+
+	The device just keeps receiving these bytes and its memory usage keeps growing.
+	Malicious client may exploit it to exhaust the device's memory.
+
+	The attached patch eliminates this possibility.
+
 2013-09-02 Peng <howtofly(at)gmail.com>

 	1) restore the scanner's original cursor position in case of
--- a/upnp/src/genlib/net/http/httpreadwrite.c
+++ b/upnp/src/genlib/net/http/httpreadwrite.c
@ -322,6 +322,7 @@ int http_RecvMessage(
 				ret = 0;
 				goto ExitFunction;
 			case PARSE_FAILURE:
+			case PARSE_NO_MATCH:
 				*http_error_code = parser->http_error_code;
 				line = __LINE__;
 				ret = UPNP_E_BAD_HTTPMSG;