From b58ee1930c5649d49caf6bf5ec6e7ca5bece5e8d Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Fri, 30 Mar 2012 21:52:37 +0200 Subject: [PATCH] Add --enable-unspecified_server Add --enable-unspecified_server configure option to set to "Unspecified" the OS name, OS version, product name and product version normally contained in the SERVER header as this could be used by an attacker. (forward port of commit 49af91fe4892e30316cceb12eb50c3f2cafb73b4) --- ChangeLog | 8 ++++++++ build/inc/autoconfig.h | 3 +++ build/inc/upnpconfig.h | 4 ++++ configure.ac | 5 +++++ upnp/inc/upnpconfig.h.in | 4 ++++ upnp/src/genlib/net/http/httpreadwrite.c | 4 ++++ 6 files changed, 28 insertions(+) diff --git a/ChangeLog b/ChangeLog index 876cf60..fe71a6f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -332,6 +332,14 @@ Version 1.8.0 Version 1.6.17 ******************************************************************************* +2012-03-30 Fabrice Fontaine + + Add --enable-unspecified_server + + Add --enable-unspecified_server configure option to set to "Unspecified" + the OS name, OS version, product name and product version normally + contained in the SERVER header as this could be used by an attacker. + 2012-03-29 Fabrice Fontaine Removing implicit casts in miniserver.c diff --git a/build/inc/autoconfig.h b/build/inc/autoconfig.h index b0b592f..aa0f42b 100644 --- a/build/inc/autoconfig.h +++ b/build/inc/autoconfig.h @@ -135,6 +135,9 @@ /* see upnpconfig.h */ /* #undef UPNP_ENABLE_OPEN_SSL */ +/* see upnpconfig.h */ +/* #undef UPNP_ENABLE_UNSPECIFIED_SERVER */ + /* see upnpconfig.h */ #define UPNP_HAVE_CLIENT 1 diff --git a/build/inc/upnpconfig.h b/build/inc/upnpconfig.h index 21c56f7..e3fba7c 100644 --- a/build/inc/upnpconfig.h +++ b/build/inc/upnpconfig.h @@ -128,6 +128,10 @@ * (i.e. configure --enable-ipv6) */ /* #undef UPNP_ENABLE_IPV6 */ +/** Defined to 1 if the library has been compiled with unspecified SERVER + * header (i.e. configure --enable-unspecified_server) */ +/* #undef UPNP_ENABLE_UNSPECIFIED_SERVER */ + /** Defined to 1 if the library has been compiled with OpenSSL support * (i.e. configure --enable-open_ssl) */ /* #undef UPNP_ENABLE_OPEN_SSL */ diff --git a/configure.ac b/configure.ac index 87aec3a..e5025cb 100644 --- a/configure.ac +++ b/configure.ac @@ -444,6 +444,11 @@ if test "x$enable_ipv6" = xyes ; then AC_DEFINE(UPNP_ENABLE_IPV6, 1, [see upnpconfig.h]) fi +RT_BOOL_ARG_ENABLE([unspecified_server], [no], [unspecified SERVER header]) +if test "x$enable_unspecified_server" = xyes ; then + AC_DEFINE(UPNP_ENABLE_UNSPECIFIED_SERVER, 1, [see upnpconfig.h]) +fi + RT_BOOL_ARG_ENABLE([open_ssl], [no], [open-ssl support]) if test "x$enable_open_ssl" = xyes ; then AC_DEFINE(UPNP_ENABLE_OPEN_SSL, 1, [see upnpconfig.h]) diff --git a/upnp/inc/upnpconfig.h.in b/upnp/inc/upnpconfig.h.in index d19ee87..46ddc6e 100644 --- a/upnp/inc/upnpconfig.h.in +++ b/upnp/inc/upnpconfig.h.in @@ -127,6 +127,10 @@ * (i.e. configure --enable-ipv6) */ #undef UPNP_ENABLE_IPV6 +/** Defined to 1 if the library has been compiled with unspecified SERVER + * header (i.e. configure --enable-unspecified_server) */ +#undef UPNP_ENABLE_UNSPECIFIED_SERVER + /** Defined to 1 if the library has been compiled with OpenSSL support * (i.e. configure --enable-open_ssl) */ #undef UPNP_ENABLE_OPEN_SSL diff --git a/upnp/src/genlib/net/http/httpreadwrite.c b/upnp/src/genlib/net/http/httpreadwrite.c index 27d3e1e..6d6d626 100644 --- a/upnp/src/genlib/net/http/httpreadwrite.c +++ b/upnp/src/genlib/net/http/httpreadwrite.c @@ -1960,6 +1960,9 @@ int http_OpenHttpGetEx( /* 'info' should have a size of at least 100 bytes */ void get_sdk_info(OUT char *info, IN size_t infoSize) { +#ifdef UPNP_ENABLE_UNSPECIFIED_SERVER + snprintf(info, infoSize, "Unspecified, UPnP/1.0, Unspecified\r\n"); +#else /* UPNP_ENABLE_UNSPECIFIED_SERVER */ #ifdef WIN32 OSVERSIONINFO versioninfo; versioninfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); @@ -1983,5 +1986,6 @@ void get_sdk_info(OUT char *info, IN size_t infoSize) "%s/%s, UPnP/1.0, Portable SDK for UPnP devices/" PACKAGE_VERSION "\r\n", sys_info.sysname, sys_info.release); #endif +#endif /* UPNP_ENABLE_UNSPECIFIED_SERVER */ }