Avoid malicious client exploit to exhaust the device's memory
Suppose the UPnP device is listening on 192.168.1.102:49152. Use the following to send garbage bytes to the device: while true; do echo "\""; done | netcat 192.168.1.102 49152 The device just keeps receiving these bytes and its memory usage keeps growing. Malicious client may exploit it to exhaust the device's memory. The attached patch eliminates this possibility.
This commit is contained in:
parent
7a571f513e
commit
9a9c4e829e
11
ChangeLog
11
ChangeLog
@ -2,6 +2,17 @@
|
|||||||
Version 1.6.19
|
Version 1.6.19
|
||||||
*******************************************************************************
|
*******************************************************************************
|
||||||
|
|
||||||
|
2013-09-02 Peng <howtofly(at)gmail.com>
|
||||||
|
|
||||||
|
Suppose the UPnP device is listening on 192.168.1.102:49152. Use the following to send
|
||||||
|
garbage bytes to the device:
|
||||||
|
while true; do echo "\""; done | netcat 192.168.1.102 49152
|
||||||
|
|
||||||
|
The device just keeps receiving these bytes and its memory usage keeps growing.
|
||||||
|
Malicious client may exploit it to exhaust the device's memory.
|
||||||
|
|
||||||
|
The attached patch eliminates this possibility.
|
||||||
|
|
||||||
2013-09-02 Peng <howtofly(at)gmail.com>
|
2013-09-02 Peng <howtofly(at)gmail.com>
|
||||||
|
|
||||||
1) restore the scanner's original cursor position in case of
|
1) restore the scanner's original cursor position in case of
|
||||||
|
@ -322,6 +322,7 @@ int http_RecvMessage(
|
|||||||
ret = 0;
|
ret = 0;
|
||||||
goto ExitFunction;
|
goto ExitFunction;
|
||||||
case PARSE_FAILURE:
|
case PARSE_FAILURE:
|
||||||
|
case PARSE_NO_MATCH:
|
||||||
*http_error_code = parser->http_error_code;
|
*http_error_code = parser->http_error_code;
|
||||||
line = __LINE__;
|
line = __LINE__;
|
||||||
ret = UPNP_E_BAD_HTTPMSG;
|
ret = UPNP_E_BAD_HTTPMSG;
|
||||||
|
Loading…
Reference in New Issue
Block a user