Avoid malicious client exploit to exhaust the device's memory
Suppose the UPnP device is listening on 192.168.1.102:49152. Use the following to send garbage bytes to the device: while true; do echo "\""; done | netcat 192.168.1.102 49152 The device just keeps receiving these bytes and its memory usage keeps growing. Malicious client may exploit it to exhaust the device's memory. The attached patch eliminates this possibility.
This commit is contained in:
		 Peng
					Peng
				
			
				
					committed by
					
						 Marcelo Roberto Jimenez
						Marcelo Roberto Jimenez
					
				
			
			
				
	
			
			
			 Marcelo Roberto Jimenez
						Marcelo Roberto Jimenez
					
				
			
						parent
						
							7a571f513e
						
					
				
				
					commit
					9a9c4e829e
				
			
							
								
								
									
										11
									
								
								ChangeLog
									
									
									
									
									
								
							
							
						
						
									
										11
									
								
								ChangeLog
									
									
									
									
									
								
							| @@ -2,6 +2,17 @@ | ||||
| Version 1.6.19 | ||||
| ******************************************************************************* | ||||
|  | ||||
| 2013-09-02 Peng <howtofly(at)gmail.com> | ||||
|  | ||||
| 	Suppose the UPnP device is listening on 192.168.1.102:49152. Use the following to send | ||||
| 	garbage bytes to the device: | ||||
| 	while true; do echo "\""; done | netcat 192.168.1.102 49152 | ||||
|  | ||||
| 	The device just keeps receiving these bytes and its memory usage keeps growing. | ||||
| 	Malicious client may exploit it to exhaust the device's memory. | ||||
|  | ||||
| 	The attached patch eliminates this possibility. | ||||
|  | ||||
| 2013-09-02 Peng <howtofly(at)gmail.com> | ||||
|  | ||||
| 	1) restore the scanner's original cursor position in case of | ||||
|   | ||||
| @@ -322,6 +322,7 @@ int http_RecvMessage( | ||||
| 				ret = 0; | ||||
| 				goto ExitFunction; | ||||
| 			case PARSE_FAILURE: | ||||
| 			case PARSE_NO_MATCH: | ||||
| 				*http_error_code = parser->http_error_code; | ||||
| 				line = __LINE__; | ||||
| 				ret = UPNP_E_BAD_HTTPMSG; | ||||
|   | ||||
		Reference in New Issue
	
	Block a user