Thomas Bernard 2015-09-14 12:10:15 +02:00
parent 32f1981520
commit a8f80040c9
10 changed files with 90 additions and 17 deletions


@ -1,5 +1,8 @@
$Id: Changelog.txt,v 1.400 2015/08/26 07:32:31 nanard Exp $ $Id: Changelog.txt,v 1.400 2015/08/26 07:32:31 nanard Exp $
2015/09/14:
Randomize URLs to avoid http://www.filet-o-firewall.com/
2015/08/25: 2015/08/25:
better bind socket to right interface(s), better bind socket to right interface(s),
using struct ip_mreqn, SO_BINDTODEVICE using struct ip_mreqn, SO_BINDTODEVICE


@ -235,7 +235,8 @@ miniupnpd.o: getifaddr.h upnpsoap.h options.h minissdp.h upnpredirect.h
miniupnpd.o: upnppinhole.h daemonize.h upnpevents.h asyncsendto.h natpmp.h miniupnpd.o: upnppinhole.h daemonize.h upnpevents.h asyncsendto.h natpmp.h
miniupnpd.o: pcpserver.h commonrdr.h upnputils.h ifacewatcher.h miniupnpd.o: pcpserver.h commonrdr.h upnputils.h ifacewatcher.h
upnphttp.o: config.h upnphttp.h upnpdescgen.h miniupnpdpath.h upnpsoap.h upnphttp.o: config.h upnphttp.h upnpdescgen.h miniupnpdpath.h upnpsoap.h
upnphttp.o: upnpevents.h upnputils.h upnphttp.o: upnpevents.h upnputils.h upnpglobalvars.h upnppermissions.h
upnphttp.o: miniupnpdtypes.h
upnpdescgen.o: config.h getifaddr.h upnpredirect.h upnpdescgen.h upnpdescgen.o: config.h getifaddr.h upnpredirect.h upnpdescgen.h
upnpdescgen.o: miniupnpdpath.h upnpglobalvars.h upnppermissions.h upnpdescgen.o: miniupnpdpath.h upnpglobalvars.h upnppermissions.h
upnpdescgen.o: miniupnpdtypes.h upnpdescstrings.h upnpurns.h getconnstatus.h upnpdescgen.o: miniupnpdtypes.h upnpdescstrings.h upnpurns.h getconnstatus.h
@ -260,7 +261,7 @@ options.o: miniupnpdtypes.h
upnppermissions.o: config.h upnppermissions.h upnppermissions.o: config.h upnppermissions.h
minissdp.o: config.h upnpdescstrings.h miniupnpdpath.h upnphttp.h minissdp.o: config.h upnpdescstrings.h miniupnpdpath.h upnphttp.h
minissdp.o: upnpglobalvars.h upnppermissions.h miniupnpdtypes.h minissdp.h minissdp.o: upnpglobalvars.h upnppermissions.h miniupnpdtypes.h minissdp.h
minissdp.o: upnputils.h getroute.h asyncsendto.h codelength.h minissdp.o: upnputils.h getroute.h asyncsendto.h codelength.h macros.h
natpmp.o: macros.h config.h natpmp.h upnpglobalvars.h upnppermissions.h natpmp.o: macros.h config.h natpmp.h upnpglobalvars.h upnppermissions.h
natpmp.o: miniupnpdtypes.h getifaddr.h upnpredirect.h commonrdr.h upnputils.h natpmp.o: miniupnpdtypes.h getifaddr.h upnpredirect.h commonrdr.h upnputils.h
natpmp.o: portinuse.h asyncsendto.h natpmp.o: portinuse.h asyncsendto.h
@ -274,11 +275,11 @@ upnputils.o: config.h upnputils.h upnpglobalvars.h upnppermissions.h
upnputils.o: miniupnpdtypes.h getroute.h upnputils.o: miniupnpdtypes.h getroute.h
getconnstatus.o: getconnstatus.h getifaddr.h getconnstatus.o: getconnstatus.h getifaddr.h
upnppinhole.o: macros.h config.h upnpredirect.h upnpglobalvars.h upnppinhole.o: macros.h config.h upnpredirect.h upnpglobalvars.h
upnppinhole.o: upnppermissions.h miniupnpdtypes.h upnpevents.h upnppinhole.o: upnppermissions.h miniupnpdtypes.h upnpevents.h upnppinhole.h
upnppinhole.o: netfilter/iptpinhole.h upnppinhole.o: netfilter/iptpinhole.h
pcplearndscp.o: config.h upnpglobalvars.h upnppermissions.h miniupnpdtypes.h pcplearndscp.o: config.h upnpglobalvars.h upnppermissions.h miniupnpdtypes.h
pcplearndscp.o: pcplearndscp.h pcplearndscp.o: pcplearndscp.h
asyncsendto.o: asyncsendto.h asyncsendto.o: asyncsendto.h upnputils.h
linux/getifstats.o: config.h getifstats.h linux/getifstats.o: config.h getifstats.h
linux/ifacewatcher.o: config.h ifacewatcher.h config.h minissdp.h linux/ifacewatcher.o: config.h ifacewatcher.h config.h minissdp.h
linux/ifacewatcher.o: miniupnpdtypes.h getifaddr.h upnpglobalvars.h linux/ifacewatcher.o: miniupnpdtypes.h getifaddr.h upnpglobalvars.h


@ -535,6 +535,13 @@ cat >> ${CONFIGFILE} <<EOF
/* Uncomment the following line if your device does not have a proper clock /* Uncomment the following line if your device does not have a proper clock
* BOOTID.UPNP.ORG can be set with command line */ * BOOTID.UPNP.ORG can be set with command line */
#define USE_TIME_AS_BOOTID #define USE_TIME_AS_BOOTID
EOF
cat >> ${CONFIGFILE} <<EOF
/* With the following macro defined, a random string is prepended to all URLs */
#define RANDOMIZE_URLS
EOF EOF
echo "#endif /* ${CONFIGMACRO} */" >> ${CONFIGFILE} echo "#endif /* ${CONFIGMACRO} */" >> ${CONFIGFILE}


@ -458,10 +458,17 @@ SendSSDPResponse(int s, const struct sockaddr * addr,
"USN: %s%s%.*s%s\r\n" "USN: %s%s%.*s%s\r\n"
"EXT:\r\n" "EXT:\r\n"
"SERVER: " MINIUPNPD_SERVER_STRING "\r\n" "SERVER: " MINIUPNPD_SERVER_STRING "\r\n"
#ifndef RANDOMIZE_URLS
"LOCATION: http://%s:%u" ROOTDESC_PATH "\r\n" "LOCATION: http://%s:%u" ROOTDESC_PATH "\r\n"
#ifdef ENABLE_HTTPS #ifdef ENABLE_HTTPS
"SECURELOCATION.UPNP.ORG: https://%s:%u" ROOTDESC_PATH "\r\n" "SECURELOCATION.UPNP.ORG: https://%s:%u" ROOTDESC_PATH "\r\n"
#endif #endif /* ENABLE_HTTPS */
#else /* RANDOMIZE_URLS */
"LOCATION: http://%s:%u/%s" ROOTDESC_PATH "\r\n"
#ifdef ENABLE_HTTPS
"SECURELOCATION.UPNP.ORG: https://%s:%u/%s" ROOTDESC_PATH "\r\n"
#endif /* ENABLE_HTTPS */
#endif /* RANDOMIZE_URLS */
"OPT: \"http://schemas.upnp.org/upnp/1/0/\"; ns=01\r\n" /* UDA v1.1 */ "OPT: \"http://schemas.upnp.org/upnp/1/0/\"; ns=01\r\n" /* UDA v1.1 */
"01-NLS: %u\r\n" /* same as BOOTID. UDA v1.1 */ "01-NLS: %u\r\n" /* same as BOOTID. UDA v1.1 */
"BOOTID.UPNP.ORG: %u\r\n" /* UDA v1.1 */ "BOOTID.UPNP.ORG: %u\r\n" /* UDA v1.1 */
@ -474,9 +481,15 @@ SendSSDPResponse(int s, const struct sockaddr * addr,
uuidvalue, st_is_uuid ? "" : "::", uuidvalue, st_is_uuid ? "" : "::",
st_is_uuid ? 0 : st_len, st, suffix, st_is_uuid ? 0 : st_len, st, suffix,
host, (unsigned int)http_port, host, (unsigned int)http_port,
#ifdef RANDOMIZE_URLS
random_url,
#endif /* RANDOMIZE_URLS */
#ifdef ENABLE_HTTPS #ifdef ENABLE_HTTPS
host, (unsigned int)https_port, host, (unsigned int)https_port,
#endif #ifdef RANDOMIZE_URLS
random_url,
#endif /* RANDOMIZE_URLS */
#endif /* ENABLE_HTTPS */
upnp_bootid, upnp_bootid, upnp_configid); upnp_bootid, upnp_bootid, upnp_configid);
if(l<0) if(l<0)
{ {
@ -563,10 +576,17 @@ SendSSDPNotify(int s, const struct sockaddr * dest, socklen_t dest_len,
"NOTIFY * HTTP/1.1\r\n" "NOTIFY * HTTP/1.1\r\n"
"HOST: %s:%d\r\n" "HOST: %s:%d\r\n"
"CACHE-CONTROL: max-age=%u\r\n" "CACHE-CONTROL: max-age=%u\r\n"
#ifndef RANDOMIZE_URLS
"LOCATION: http://%s:%u" ROOTDESC_PATH "\r\n" "LOCATION: http://%s:%u" ROOTDESC_PATH "\r\n"
#ifdef ENABLE_HTTPS #ifdef ENABLE_HTTPS
"SECURELOCATION.UPNP.ORG: https://%s:%u" ROOTDESC_PATH "\r\n" "SECURELOCATION.UPNP.ORG: https://%s:%u" ROOTDESC_PATH "\r\n"
#endif #endif /* ENABLE_HTTPS */
#else /* RANDOMIZE_URLS */
"LOCATION: http://%s:%u/%s" ROOTDESC_PATH "\r\n"
#ifdef ENABLE_HTTPS
"SECURELOCATION.UPNP.ORG: https://%s:%u/%s" ROOTDESC_PATH "\r\n"
#endif /* ENABLE_HTTPS */
#endif /* RANDOMIZE_URLS */
"SERVER: " MINIUPNPD_SERVER_STRING "\r\n" "SERVER: " MINIUPNPD_SERVER_STRING "\r\n"
"NT: %s%s\r\n" "NT: %s%s\r\n"
"USN: %s%s%s%s\r\n" "USN: %s%s%s%s\r\n"
@ -579,9 +599,15 @@ SendSSDPNotify(int s, const struct sockaddr * dest, socklen_t dest_len,
dest_str, SSDP_PORT, /* HOST: */ dest_str, SSDP_PORT, /* HOST: */
lifetime, /* CACHE-CONTROL: */ lifetime, /* CACHE-CONTROL: */
host, (unsigned int)http_port, /* LOCATION: */ host, (unsigned int)http_port, /* LOCATION: */
#ifdef RANDOMIZE_URLS
random_url,
#endif /* RANDOMIZE_URLS */
#ifdef ENABLE_HTTPS #ifdef ENABLE_HTTPS
host, (unsigned int)https_port, /* SECURE-LOCATION: */ host, (unsigned int)https_port, /* SECURE-LOCATION: */
#endif #ifdef RANDOMIZE_URLS
random_url,
#endif /* RANDOMIZE_URLS */
#endif /* ENABLE_HTTPS */
nt, suffix, /* NT: */ nt, suffix, /* NT: */
usn1, usn2, usn3, suffix, /* USN: */ usn1, usn2, usn3, suffix, /* USN: */
upnp_bootid, /* 01-NLS: */ upnp_bootid, /* 01-NLS: */
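Review bot: Nothing next to the new `LOCATION:` / `SECURELOCATION.UPNP.ORG:` format strings says that the token in the path is visible to the local network. SendSSDPResponse and SendSSDPNotify both place random_url in every message they build, so any host that can receive SSDP learns it. That looks intended (the token is presumably meant to stop callers that cannot see SSDP traffic), but it should be written down so the path is not later treated as an authentication secret, e.g. `/* random_url is advertised in SSDP; it only blocks callers that cannot read SSDP traffic */`. The same comment fits both format-string hunks; both function bodies extend beyond the hunks shown.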


@ -1656,6 +1656,9 @@ init(int argc, char * * argv, struct runtime_vars * v)
/* initialize random number generator */ /* initialize random number generator */
srandom((unsigned int)time(NULL)); srandom((unsigned int)time(NULL));
#ifdef RANDOMIZE_URLS
snprintf(random_url, RANDOM_URL_MAX_LEN, "%08lx", random());
#endif /* RANDOMIZE_URLS */
/* initialize redirection engine (and pinholes) */ /* initialize redirection engine (and pinholes) */
if(init_redirect() < 0) if(init_redirect() < 0)
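Review bot: The URL token written by `snprintf(random_url, RANDOM_URL_MAX_LEN, "%08lx", random());` comes from `random()`, which the line just above seeds with `time(NULL)`, so it carries at most 31 bits and is fully determined by the second the daemon started. Anyone who can estimate that start time can recompute the token offline, which undoes the protection this commit is after; on a device without a working clock the range to try is likely very small. I would fill the token from the OS entropy source instead and use the whole buffer, as sketched below. The `return 1` on failure is an assumption, since init() begins and ends outside the hunk; use whatever error path init() already has.

```c
#ifdef RANDOMIZE_URLS
	{
		/* 7 random bytes -> 14 hex digits + NUL, fits RANDOM_URL_MAX_LEN (16) */
		unsigned char rnd[(RANDOM_URL_MAX_LEN - 1) / 2];
		size_t k;
		FILE * f = fopen("/dev/urandom", "rb");
		if(f == NULL || fread(rnd, 1, sizeof(rnd), f) != sizeof(rnd))
		{
			if(f != NULL)
				fclose(f);
			/* no usable entropy: fail startup rather than keep a guessable token */
			return 1;
		}
		fclose(f);
		for(k = 0; k < sizeof(rnd); k++)
			snprintf(random_url + 2 * k, 3, "%02x", rnd[k]);
	}
#endif /* RANDOMIZE_URLS */
```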


@ -1,7 +1,7 @@
/* $Id: testupnpdescgen.c,v 1.32 2014/03/10 11:04:52 nanard Exp $ */ /* $Id: testupnpdescgen.c,v 1.32 2014/03/10 11:04:52 nanard Exp $ */
/* MiniUPnP project /* MiniUPnP project
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
* (c) 2006-2014 Thomas Bernard * (c) 2006-2015 Thomas Bernard
* This software is subject to the conditions detailed * This software is subject to the conditions detailed
* in the LICENCE file provided within the distribution */ * in the LICENCE file provided within the distribution */
@ -33,7 +33,10 @@ char manufacturer_url[] = ROOTDEV_MANUFACTURERURL;
char model_name[] = ROOTDEV_MODELNAME; char model_name[] = ROOTDEV_MODELNAME;
char model_description[] = ROOTDEV_MODELDESCRIPTION; char model_description[] = ROOTDEV_MODELDESCRIPTION;
char model_url[] = ROOTDEV_MODELURL; char model_url[] = ROOTDEV_MODELURL;
#endif #endif /* ENABLE_MANUFACTURER_INFO_CONFIGURATION */
#ifdef RANDOMIZE_URLS
char random_url[] = "RANDOM";
#endif /* RANDOMIZE_URLS */
char * use_ext_ip_addr = NULL; char * use_ext_ip_addr = NULL;
const char * ext_if_name = "eth0"; const char * ext_if_name = "eth0";


@ -1,7 +1,7 @@
/* $Id: upnpdescgen.c,v 1.77 2014/03/10 11:04:53 nanard Exp $ */ /* $Id: upnpdescgen.c,v 1.77 2014/03/10 11:04:53 nanard Exp $ */
/* MiniUPnP project /* MiniUPnP project
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
* (c) 2006-2014 Thomas Bernard * (c) 2006-2015 Thomas Bernard
* This software is subject to the conditions detailed * This software is subject to the conditions detailed
* in the LICENCE file provided within the distribution */ * in the LICENCE file provided within the distribution */
@ -880,6 +880,14 @@ genXML(char * str, int * len, int * tmplen,
str = strcat_char(str, len, tmplen, '<'); str = strcat_char(str, len, tmplen, '<');
str = strcat_str(str, len, tmplen, eltname+1); str = strcat_str(str, len, tmplen, eltname+1);
str = strcat_char(str, len, tmplen, '>'); str = strcat_char(str, len, tmplen, '>');
#ifdef RANDOMIZE_URLS
if(p[i].data[0] == '/')
{
/* prepend all URL paths with a "random" value */
str = strcat_char(str, len, tmplen, '/');
str = strcat_str(str, len, tmplen, random_url);
}
#endif /* RANDOMIZE_URLS */
str = strcat_str(str, len, tmplen, p[i].data); str = strcat_str(str, len, tmplen, p[i].data);
str = strcat_char(str, len, tmplen, '<'); str = strcat_char(str, len, tmplen, '<');
str = strcat_str(str, len, tmplen, eltname); str = strcat_str(str, len, tmplen, eltname);
@ -916,7 +924,7 @@ genXML(char * str, int * len, int * tmplen,
k = (unsigned long)p[i].data; k = (unsigned long)p[i].data;
i = k & 0xffff; i = k & 0xffff;
j = i + (k >> 16); j = i + (k >> 16);
top++; top++; /* TODO : check stack overflow ! */
/*printf(" +pile[%d]\t%d %d\n", top, i, j); */ /*printf(" +pile[%d]\t%d %d\n", top, i, j); */
pile[top].i = i; pile[top].i = i;
pile[top].j = j; pile[top].j = j;
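Review bot: The new test `if(p[i].data[0] == '/')` in genXML treats every element value that begins with a slash as a URL path, so the token is also prepended to any non-URL text value that happens to start with `/`. The hunk does not show whether such values can occur, for example in description strings taken from configuration. Either restrict the prefix to the URL elements by name, or state the assumption at the test, e.g. `/* only URL path elements (SCPDURL, controlURL, eventSubURL) have data starting with '/' */`. genXML starts and ends outside the hunk, so the table contents behind `p[i]` are not visible here.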


@ -1,7 +1,7 @@
/* $Id: upnpglobalvars.c,v 1.39 2014/12/10 09:49:22 nanard Exp $ */ /* $Id: upnpglobalvars.c,v 1.39 2014/12/10 09:49:22 nanard Exp $ */
/* MiniUPnP project /* MiniUPnP project
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
* (c) 2006-2014 Thomas Bernard * (c) 2006-2015 Thomas Bernard
* This software is subject to the conditions detailed * This software is subject to the conditions detailed
* in the LICENCE file provided within the distribution */ * in the LICENCE file provided within the distribution */
@ -144,3 +144,7 @@ unsigned int upnp_bootid = 1; /* BOOTID.UPNP.ORG */
* SCPD = Service Control Protocol Description */ * SCPD = Service Control Protocol Description */
unsigned int upnp_configid = 1337; /* CONFIGID.UPNP.ORG */ unsigned int upnp_configid = 1337; /* CONFIGID.UPNP.ORG */
#ifdef RANDOMIZE_URLS
char random_url[RANDOM_URL_MAX_LEN] = "random";
#endif /* RANDOMIZE_URLS */


@ -1,7 +1,7 @@
/* $Id: upnpglobalvars.h,v 1.38 2014/03/10 11:04:53 nanard Exp $ */ /* $Id: upnpglobalvars.h,v 1.38 2014/03/10 11:04:53 nanard Exp $ */
/* MiniUPnP project /* MiniUPnP project
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
* (c) 2006-2014 Thomas Bernard * (c) 2006-2015 Thomas Bernard
* This software is subject to the conditions detailed * This software is subject to the conditions detailed
* in the LICENCE file provided within the distribution */ * in the LICENCE file provided within the distribution */
@ -144,7 +144,7 @@ extern char ipv6_addr_for_http_with_brackets[64];
/* address used to bind local services */ /* address used to bind local services */
extern struct in6_addr ipv6_bind_addr; extern struct in6_addr ipv6_bind_addr;
#endif #endif /* ENABLE_IPV6 */
extern const char * minissdpdsocketpath; extern const char * minissdpdsocketpath;
@ -152,5 +152,9 @@ extern const char * minissdpdsocketpath;
extern unsigned int upnp_bootid; extern unsigned int upnp_bootid;
extern unsigned int upnp_configid; extern unsigned int upnp_configid;
#endif #ifdef RANDOMIZE_URLS
#define RANDOM_URL_MAX_LEN (16)
extern char random_url[];
#endif /* RANDOMIZE_URLS */
#endif /* UPNPGLOBALVARS_H_INCLUDED */


@ -2,7 +2,7 @@
/* Project : miniupnp /* Project : miniupnp
* Website : http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * Website : http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
* Author : Thomas Bernard * Author : Thomas Bernard
* Copyright (c) 2005-2014 Thomas Bernard * Copyright (c) 2005-2015 Thomas Bernard
* This software is subject to the conditions detailed in the * This software is subject to the conditions detailed in the
* LICENCE file included in this distribution. * LICENCE file included in this distribution.
* */ * */
@ -28,6 +28,9 @@
#include "upnpsoap.h" #include "upnpsoap.h"
#include "upnpevents.h" #include "upnpevents.h"
#include "upnputils.h" #include "upnputils.h"
#ifdef RANDOMIZE_URLS
#include "upnpglobalvars.h"
#endif /* RANDOMIZE_URLS */
#ifdef ENABLE_HTTPS #ifdef ENABLE_HTTPS
#include <openssl/err.h> #include <openssl/err.h>
@ -786,6 +789,17 @@ ProcessHttpQuery_upnphttp(struct upnphttp * h)
} }
} }
} }
#ifdef RANDOMIZE_URLS
/* first check if the URL begins with the randomized string */
if(HttpUrl[0] != '/' || memcmp(HttpUrl+1, random_url, strlen(random_url)) != 0)
{
Send404(h);
return;
}
/* remove "random" from the start of the URL */
p = HttpUrl + strlen(random_url) + 1;
memmove(HttpUrl, p, strlen(p) + 1);
#endif /* RANDOMIZE_URLS */
if(strcmp("POST", HttpCommand) == 0) if(strcmp("POST", HttpCommand) == 0)
{ {
h->req_command = EPost; h->req_command = EPost;
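Review bot: The prefix test `memcmp(HttpUrl+1, random_url, strlen(random_url))` always compares strlen(random_url) bytes, so for a request path shorter than the token it reads past the terminating NUL of HttpUrl. It also accepts `/<token>` followed by any character, not only `/`, which leaves a stripped URL that no longer starts with a slash. `strncmp` stops at the terminator, and checking the byte after the token closes the second gap: `size_t n = strlen(random_url);` then `if(n == 0 || HttpUrl[0] != '/' || strncmp(HttpUrl+1, random_url, n) != 0 || HttpUrl[1+n] != '/')`. The `n == 0` term is there because an empty random_url would otherwise let every request through. ProcessHttpQuery_upnphttp starts and ends outside the hunk, so the size and initialisation of HttpUrl are not visible here.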