Avoid malicious client exploit to exhaust the device's memory

Suppose the UPnP device is listening on 192.168.1.102:49152. Use the following to send
garbage bytes to the device:
while true; do echo "\""; done | netcat 192.168.1.102 49152

The device just keeps receiving these bytes and its memory usage keeps growing.
A malicious client may exploit it to exhaust the device's memory.

The attached patch eliminates this possibility.
Peng 2013-09-02 14:56:11 -03:00 committed by Marcelo Roberto Jimenez
parent 7a571f513e
commit 9a9c4e829e
2 changed files with 12 additions and 0 deletions


@ -2,6 +2,17 @@
Version 1.6.19 Version 1.6.19
******************************************************************************* *******************************************************************************
2013-09-02 Peng <howtofly(at)gmail.com>
Suppose the UPnP device is listening on 192.168.1.102:49152. Use the following to send
garbage bytes to the device:
while true; do echo "\""; done | netcat 192.168.1.102 49152
The device just keeps receiving these bytes and its memory usage keeps growing.
Malicious client may exploit it to exhaust the device's memory.
The attached patch eliminates this possibility.
2013-09-02 Peng <howtofly(at)gmail.com> 2013-09-02 Peng <howtofly(at)gmail.com>
1) restore the scanner's original cursor position in case of 1) restore the scanner's original cursor position in case of
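Review bot: The new 2013-09-02 entry describes only how to reproduce the problem and never says what was changed; add a line naming the function and the behaviour change, for example that http_RecvMessage now treats PARSE_NO_MATCH as a bad HTTP message. "The attached patch eliminates this possibility" is mailing-list wording that tells a changelog reader nothing, and the netcat line would be easier to read indented as a command.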


@ -322,6 +322,7 @@ int http_RecvMessage(
ret = 0; ret = 0;
goto ExitFunction; goto ExitFunction;
case PARSE_FAILURE: case PARSE_FAILURE:
case PARSE_NO_MATCH:
*http_error_code = parser->http_error_code; *http_error_code = parser->http_error_code;
line = __LINE__; line = __LINE__;
ret = UPNP_E_BAD_HTTPMSG; ret = UPNP_E_BAD_HTTPMSG;
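Review bot: On the added "case PARSE_NO_MATCH:" label, which falls through into the PARSE_FAILURE branch, "*http_error_code = parser->http_error_code;" now runs for a status where nothing in the visible lines shows the parser having set an error code. Please confirm the parser assigns http_error_code before it returns PARSE_NO_MATCH, or set an explicit bad-request code for this case so the caller never reports a stale value. A one-line comment saying why no-match is terminal here (otherwise the receive loop keeps buffering unparseable bytes) would help, as would a regression test that feeds the garbage stream from the commit message and checks for UPNP_E_BAD_HTTPMSG.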