From 50d21a38d0719682f276173efd705ccbe78aca3d Mon Sep 17 00:00:00 2001
From: Thomas Bernard
Date: Thu, 25 May 2017 00:20:03 +0200
Subject: [PATCH] SSDP: use receiving interface index to check if from LAN
---
 miniupnpd/minissdp.c | 33 +++++++++++++++++++++++++++------
 miniupnpd/minissdp.h | 6 +++---
 miniupnpd/miniupnpd.c | 4 ++--
 miniupnpd/miniupnpdtypes.h | 2 --
 4 files changed, 32 insertions(+), 13 deletions(-)
diff --git a/miniupnpd/minissdp.c b/miniupnpd/minissdp.c
index bcc74c8..db99738 100644
--- a/miniupnpd/minissdp.c
+++ b/miniupnpd/minissdp.c
@@ -915,10 +915,10 @@ ProcessSSDPRequest(int s, unsigned short http_port)
 }
 #endif /* defined(IP_RECVIF) || defined(IP_PKTINFO) */
 #ifdef ENABLE_HTTPS
- ProcessSSDPData(s, bufr, n, (struct sockaddr *)&sendername,
+ ProcessSSDPData(s, bufr, n, (struct sockaddr *)&sendername, source_ifindex,
 http_port, https_port);
 #else
- ProcessSSDPData(s, bufr, n, (struct sockaddr *)&sendername,
+ ProcessSSDPData(s, bufr, n, (struct sockaddr *)&sendername, source_ifindex,
 http_port);
 #endif
@@ -927,12 +927,12 @@ ProcessSSDPRequest(int s, unsigned short http_port)
 #ifdef ENABLE_HTTPS
 void
 ProcessSSDPData(int s, const char *bufr, int n,
- const struct sockaddr * sender,
+ const struct sockaddr * sender, int source_if,
 unsigned short http_port, unsigned short https_port)
 #else
 void
 ProcessSSDPData(int s, const char *bufr, int n,
- const struct sockaddr * sender,
+ const struct sockaddr * sender, int source_if,
 unsigned short http_port)
 #endif
 {
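Review bot: Both new call sites in ProcessSSDPRequest pass `source_ifindex`, but its declaration and initial value lie outside this hunk, while ProcessSSDPData now treats any value `>= 0` as a real interface index. If the variable is not initialised to a negative value, a datagram that arrives without an IP_RECVIF/IP_PKTINFO control message would be compared against a stale or zero index. The declaration should read `int source_ifindex = -1;` and carry a comment such as `/* -1 : receiving interface unknown */`. ProcessSSDPRequest starts and ends outside the hunk.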
@@ -966,10 +966,31 @@ ProcessSSDPData(int s, const char *bufr, int n,
 /* get the string representation of the sender address */
 sockaddr_to_string(sender, sender_str, sizeof(sender_str));
 lan_addr = get_lan_for_peer(sender);
+ if(source_if >= 0)
+ {
+ if(lan_addr != NULL)
+ {
+ if(lan_addr->index != (unsigned)source_if)
+ {
+ syslog(LOG_WARNING, "interface index not matching %u != %d", lan_addr->index, source_if);
+ }
+ }
+ else
+ {
+ /* use the interface index */
+ for(lan_addr = lan_addrs.lh_first;
+ lan_addr != NULL;
+ lan_addr = lan_addr->list.le_next)
+ {
+ if(lan_addr->index == (unsigned)source_if)
+ break;
+ }
+ }
+ }
 if(lan_addr == NULL)
 {
- syslog(LOG_WARNING, "SSDP packet sender %s not from a LAN, ignoring",
- sender_str);
+ syslog(LOG_WARNING, "SSDP packet sender %s (if_index=%d) not from a LAN, ignoring",
+ sender_str, source_if);
 return;
 }
diff --git a/miniupnpd/minissdp.h b/miniupnpd/minissdp.h
index 3d3da60..a0e51a0 100644
--- a/miniupnpd/minissdp.h
+++ b/miniupnpd/minissdp.h
@@ -1,7 +1,7 @@
 /* $Id: minissdp.h,v 1.12 2014/04/09 07:20:59 nanard Exp $ */
 /* MiniUPnP project
 * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
- * (c) 2006-2014 Thomas Bernard
+ * (c) 2006-2017 Thomas Bernard
 * This software is subject to the conditions detailed
 * in the LICENCE file provided within the distribution */
 #ifndef MINISSDP_H_INCLUDED
@@ -39,12 +39,12 @@ ProcessSSDPRequest(int s, unsigned short http_port);
 #ifdef ENABLE_HTTPS
 void
 ProcessSSDPData(int s, const char *bufr, int n,
- const struct sockaddr * sendername,
+ const struct sockaddr * sendername, int source_if,
 unsigned short http_port, unsigned short https_port);
 #else
 void
 ProcessSSDPData(int s, const char *bufr, int n,
- const struct sockaddr * sendername,
+ const struct sockaddr * sendername, int source_if,
 unsigned short http_port);
 #endif
diff --git a/miniupnpd/miniupnpd.c b/miniupnpd/miniupnpd.c
index b145fe4..c6738e6 100644
--- a/miniupnpd/miniupnpd.c
+++ b/miniupnpd/miniupnpd.c
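Review bot: In the new `if(source_if >= 0)` block, a packet whose source address falls in a LAN subnet but whose receiving interface differs from `lan_addr->index` is only logged and then handled as if it came from the LAN, so a datagram with a forged LAN source address received on another interface is still processed. If the interface index is meant to be authoritative, that branch should drop the packet, `if(lan_addr->index != 0 && lan_addr->index != (unsigned)source_if) { syslog(...); return; }`; the `index != 0` guard is needed because parselanaddr (miniupnpd.c hunk at -984) leaves the index at 0 when if_nametoindex() fails and, as far as that hunk shows, does not set it when ifname is empty. The same zero value matters in the fallback loop: 0 is not a valid interface index, yet `source_if >= 0` lets it through and `lan_addr->index == (unsigned)source_if` would then match such an entry, which `if(source_if > 0)` avoids. ProcessSSDPData continues outside the hunk.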
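Review bot: The new `source_if` parameter in both ProcessSSDPData prototypes (minissdp.h hunk at -39) is undocumented, and its contract is not obvious from the name: the callers in this patch pass either the receiving interface index or -1. A comment above the prototypes would settle it, for example `/* source_if : index of the interface the packet was received on, or -1 if unknown (interface check skipped) */`. The prototype also still names the address parameter `sendername` while the definition in minissdp.c calls it `sender`.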
@@ -631,7 +631,7 @@ static int nfqueue_cb(
 /* printf("pkt found %s\n",dd);*/
 ProcessSSDPData (sudp, dd, size - x,
- &sendername, (unsigned short) 5555);
+ &sendername, -1, (unsigned short) 5555);
 }
 }
 }
@@ -984,7 +984,6 @@ parselanaddr(struct lan_addr_s * lan_addr, const char * str)
 }
 }
 #endif
-#ifdef ENABLE_IPV6
 if(lan_addr->ifname[0] != '\0')
 {
 lan_addr->index = if_nametoindex(lan_addr->ifname);
@@ -992,6 +991,7 @@ parselanaddr(struct lan_addr_s * lan_addr, const char * str)
 fprintf(stderr, "Cannot get index for network interface %s",
 lan_addr->ifname);
 }
+#ifdef ENABLE_IPV6
 else
 {
 fprintf(stderr,
diff --git a/miniupnpd/miniupnpdtypes.h b/miniupnpd/miniupnpdtypes.h
index 6e112b8..4e71c7e 100644
--- a/miniupnpd/miniupnpdtypes.h
+++ b/miniupnpd/miniupnpdtypes.h
@@ -16,9 +16,7 @@
 * with ascii representation and mask */
 struct lan_addr_s {
 char ifname[IFNAMSIZ]; /* example: eth0 */
-#ifdef ENABLE_IPV6
 unsigned int index; /* use if_nametoindex() */
-#endif
 char str[16]; /* example: 192.168.0.1 */
 struct in_addr addr, mask; /* ip/mask */
 #ifdef MULTIPLE_EXTERNAL_IP
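Review bot: The NFQUEUE caller in nfqueue_cb passes the constant `-1`, so packets delivered on this path skip the interface-index check entirely and are classified by source address alone, as before the patch. If that is intentional it deserves a comment at the call, e.g. `/* -1 : receiving interface not known on this path */`; otherwise the input device index of the queued packet (libnetfilter_queue exposes it through `nfq_get_indev()`) could be passed instead. nfqueue_cb starts before the hunk, so whether the packet handle is still in scope at this call cannot be seen here.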