Randomize URLs to avoid http://www.filet-o-firewall.com/

miniupnpd/Changelog.txt

@@ -1,5 +1,8 @@
 $Id: Changelog.txt,v 1.400 2015/08/26 07:32:31 nanard Exp $
 
+2015/09/14:
+  Randomize URLs to avoid http://www.filet-o-firewall.com/
+
 2015/08/25:
   better bind socket to right interface(s),
     using struct ip_mreqn, SO_BINDTODEVICE

miniupnpd/Makefile.linux

@@ -235,7 +235,8 @@ miniupnpd.o: getifaddr.h upnpsoap.h options.h minissdp.h upnpredirect.h
 miniupnpd.o: upnppinhole.h daemonize.h upnpevents.h asyncsendto.h natpmp.h
 miniupnpd.o: pcpserver.h commonrdr.h upnputils.h ifacewatcher.h
 upnphttp.o: config.h upnphttp.h upnpdescgen.h miniupnpdpath.h upnpsoap.h
-upnphttp.o: upnpevents.h upnputils.h
+upnphttp.o: upnpevents.h upnputils.h upnpglobalvars.h upnppermissions.h
+upnphttp.o: miniupnpdtypes.h
 upnpdescgen.o: config.h getifaddr.h upnpredirect.h upnpdescgen.h
 upnpdescgen.o: miniupnpdpath.h upnpglobalvars.h upnppermissions.h
 upnpdescgen.o: miniupnpdtypes.h upnpdescstrings.h upnpurns.h getconnstatus.h
@@ -260,7 +261,7 @@ options.o: miniupnpdtypes.h
 upnppermissions.o: config.h upnppermissions.h
 minissdp.o: config.h upnpdescstrings.h miniupnpdpath.h upnphttp.h
 minissdp.o: upnpglobalvars.h upnppermissions.h miniupnpdtypes.h minissdp.h
-minissdp.o: upnputils.h getroute.h asyncsendto.h codelength.h
+minissdp.o: upnputils.h getroute.h asyncsendto.h codelength.h macros.h
 natpmp.o: macros.h config.h natpmp.h upnpglobalvars.h upnppermissions.h
 natpmp.o: miniupnpdtypes.h getifaddr.h upnpredirect.h commonrdr.h upnputils.h
 natpmp.o: portinuse.h asyncsendto.h
@@ -274,11 +275,11 @@ upnputils.o: config.h upnputils.h upnpglobalvars.h upnppermissions.h
 upnputils.o: miniupnpdtypes.h getroute.h
 getconnstatus.o: getconnstatus.h getifaddr.h
 upnppinhole.o: macros.h config.h upnpredirect.h upnpglobalvars.h
-upnppinhole.o: upnppermissions.h miniupnpdtypes.h upnpevents.h
+upnppinhole.o: upnppermissions.h miniupnpdtypes.h upnpevents.h upnppinhole.h
 upnppinhole.o: netfilter/iptpinhole.h
 pcplearndscp.o: config.h upnpglobalvars.h upnppermissions.h miniupnpdtypes.h
 pcplearndscp.o: pcplearndscp.h
-asyncsendto.o: asyncsendto.h
+asyncsendto.o: asyncsendto.h upnputils.h
 linux/getifstats.o: config.h getifstats.h
 linux/ifacewatcher.o: config.h ifacewatcher.h config.h minissdp.h
 linux/ifacewatcher.o: miniupnpdtypes.h getifaddr.h upnpglobalvars.h

miniupnpd/genconfig.sh

@@ -535,6 +535,13 @@ cat >> ${CONFIGFILE} <<EOF
 /* Uncomment the following line if your device does not have a proper clock
  * BOOTID.UPNP.ORG can be set with command line */
 #define USE_TIME_AS_BOOTID
+
+EOF
+
+cat >> ${CONFIGFILE} <<EOF
+/* With the following macro defined, a random string is prepended to all URLs */
+#define RANDOMIZE_URLS
+
 EOF
 
 echo "#endif /* ${CONFIGMACRO} */" >> ${CONFIGFILE}

miniupnpd/minissdp.c

@@ -458,10 +458,17 @@ SendSSDPResponse(int s, const struct sockaddr * addr,
 		"USN: %s%s%.*s%s\r\n"
 		"EXT:\r\n"
 		"SERVER: " MINIUPNPD_SERVER_STRING "\r\n"
+#ifndef RANDOMIZE_URLS
 		"LOCATION: http://%s:%u" ROOTDESC_PATH "\r\n"
 #ifdef ENABLE_HTTPS
 		"SECURELOCATION.UPNP.ORG: https://%s:%u" ROOTDESC_PATH "\r\n"
-#endif
+#endif	/* ENABLE_HTTPS */
+#else	/* RANDOMIZE_URLS */
+		"LOCATION: http://%s:%u/%s" ROOTDESC_PATH "\r\n"
+#ifdef ENABLE_HTTPS
+		"SECURELOCATION.UPNP.ORG: https://%s:%u/%s" ROOTDESC_PATH "\r\n"
+#endif	/* ENABLE_HTTPS */
+#endif	/* RANDOMIZE_URLS */
 		"OPT: \"http://schemas.upnp.org/upnp/1/0/\"; ns=01\r\n" /* UDA v1.1 */
 		"01-NLS: %u\r\n" /* same as BOOTID. UDA v1.1 */
 		"BOOTID.UPNP.ORG: %u\r\n" /* UDA v1.1 */
@@ -474,9 +481,15 @@ SendSSDPResponse(int s, const struct sockaddr * addr,
 		uuidvalue, st_is_uuid ? "" : "::",
 		st_is_uuid ? 0 : st_len, st, suffix,
 		host, (unsigned int)http_port,
+#ifdef RANDOMIZE_URLS
+		random_url,
+#endif	/* RANDOMIZE_URLS */
 #ifdef ENABLE_HTTPS
 		host, (unsigned int)https_port,
-#endif
+#ifdef RANDOMIZE_URLS
+		random_url,
+#endif	/* RANDOMIZE_URLS */
+#endif	/* ENABLE_HTTPS */
 		upnp_bootid, upnp_bootid, upnp_configid);
 	if(l<0)
 	{
@@ -563,10 +576,17 @@ SendSSDPNotify(int s, const struct sockaddr * dest, socklen_t dest_len,
 		"NOTIFY * HTTP/1.1\r\n"
 		"HOST: %s:%d\r\n"
 		"CACHE-CONTROL: max-age=%u\r\n"
+#ifndef RANDOMIZE_URLS
 		"LOCATION: http://%s:%u" ROOTDESC_PATH "\r\n"
 #ifdef ENABLE_HTTPS
 		"SECURELOCATION.UPNP.ORG: https://%s:%u" ROOTDESC_PATH "\r\n"
-#endif
+#endif	/* ENABLE_HTTPS */
+#else	/* RANDOMIZE_URLS */
+		"LOCATION: http://%s:%u/%s" ROOTDESC_PATH "\r\n"
+#ifdef ENABLE_HTTPS
+		"SECURELOCATION.UPNP.ORG: https://%s:%u/%s" ROOTDESC_PATH "\r\n"
+#endif	/* ENABLE_HTTPS */
+#endif	/* RANDOMIZE_URLS */
 		"SERVER: " MINIUPNPD_SERVER_STRING "\r\n"
 		"NT: %s%s\r\n"
 		"USN: %s%s%s%s\r\n"
@@ -579,9 +599,15 @@ SendSSDPNotify(int s, const struct sockaddr * dest, socklen_t dest_len,
 		dest_str, SSDP_PORT,			/* HOST: */
 		lifetime,						/* CACHE-CONTROL: */
 		host, (unsigned int)http_port,	/* LOCATION: */
+#ifdef RANDOMIZE_URLS
+		random_url,
+#endif	/* RANDOMIZE_URLS */
 #ifdef ENABLE_HTTPS
 		host, (unsigned int)https_port,	/* SECURE-LOCATION: */
-#endif
+#ifdef RANDOMIZE_URLS
+		random_url,
+#endif	/* RANDOMIZE_URLS */
+#endif	/* ENABLE_HTTPS */
 		nt, suffix,						/* NT: */
 		usn1, usn2, usn3, suffix,		/* USN: */
 		upnp_bootid,					/* 01-NLS: */

miniupnpd/miniupnpd.c

@@ -1656,6 +1656,9 @@ init(int argc, char * * argv, struct runtime_vars * v)
 
 	/* initialize random number generator */
 	srandom((unsigned int)time(NULL));
+#ifdef RANDOMIZE_URLS
+	snprintf(random_url, RANDOM_URL_MAX_LEN, "%08lx", random());
+#endif /* RANDOMIZE_URLS */
 
 	/* initialize redirection engine (and pinholes) */
 	if(init_redirect() < 0)

miniupnpd/testupnpdescgen.c

@@ -1,7 +1,7 @@
 /* $Id: testupnpdescgen.c,v 1.32 2014/03/10 11:04:52 nanard Exp $ */
 /* MiniUPnP project
  * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
- * (c) 2006-2014 Thomas Bernard
+ * (c) 2006-2015 Thomas Bernard
  * This software is subject to the conditions detailed
  * in the LICENCE file provided within the distribution */
 
@@ -33,7 +33,10 @@ char manufacturer_url[] = ROOTDEV_MANUFACTURERURL;
 char model_name[] = ROOTDEV_MODELNAME;
 char model_description[] = ROOTDEV_MODELDESCRIPTION;
 char model_url[] = ROOTDEV_MODELURL;
-#endif
+#endif /* ENABLE_MANUFACTURER_INFO_CONFIGURATION */
+#ifdef RANDOMIZE_URLS
+char random_url[] = "RANDOM";
+#endif /* RANDOMIZE_URLS */
 
 char * use_ext_ip_addr = NULL;
 const char * ext_if_name = "eth0";

miniupnpd/upnpdescgen.c

@@ -1,7 +1,7 @@
 /* $Id: upnpdescgen.c,v 1.77 2014/03/10 11:04:53 nanard Exp $ */
 /* MiniUPnP project
  * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
- * (c) 2006-2014 Thomas Bernard
+ * (c) 2006-2015 Thomas Bernard
  * This software is subject to the conditions detailed
  * in the LICENCE file provided within the distribution */
 
@@ -880,6 +880,14 @@ genXML(char * str, int * len, int * tmplen,
 				str = strcat_char(str, len, tmplen, '<');
 				str = strcat_str(str, len, tmplen, eltname+1);
 				str = strcat_char(str, len, tmplen, '>');
+#ifdef RANDOMIZE_URLS
+				if(p[i].data[0] == '/')
+				{
+					/* prepend all URL paths with a "random" value */
+					str = strcat_char(str, len, tmplen, '/');
+					str = strcat_str(str, len, tmplen, random_url);
+				}
+#endif /* RANDOMIZE_URLS */
 				str = strcat_str(str, len, tmplen, p[i].data);
 				str = strcat_char(str, len, tmplen, '<');
 				str = strcat_str(str, len, tmplen, eltname);
@@ -916,7 +924,7 @@ genXML(char * str, int * len, int * tmplen,
 			k = (unsigned long)p[i].data;
 			i = k & 0xffff;
 			j = i + (k >> 16);
-			top++;
+			top++;	/* TODO : check stack overflow ! */
 			/*printf(" +pile[%d]\t%d %d\n", top, i, j); */
 			pile[top].i = i;
 			pile[top].j = j;

miniupnpd/upnpglobalvars.c

@@ -1,7 +1,7 @@
 /* $Id: upnpglobalvars.c,v 1.39 2014/12/10 09:49:22 nanard Exp $ */
 /* MiniUPnP project
  * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
- * (c) 2006-2014 Thomas Bernard
+ * (c) 2006-2015 Thomas Bernard
  * This software is subject to the conditions detailed
  * in the LICENCE file provided within the distribution */
 
@@ -144,3 +144,7 @@ unsigned int upnp_bootid = 1;      /* BOOTID.UPNP.ORG */
  * SCPD = Service Control Protocol Description */
 unsigned int upnp_configid = 1337; /* CONFIGID.UPNP.ORG */
 
+#ifdef RANDOMIZE_URLS
+char random_url[RANDOM_URL_MAX_LEN] = "random";
+#endif /* RANDOMIZE_URLS */
+

miniupnpd/upnpglobalvars.h

@@ -1,7 +1,7 @@
 /* $Id: upnpglobalvars.h,v 1.38 2014/03/10 11:04:53 nanard Exp $ */
 /* MiniUPnP project
  * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
- * (c) 2006-2014 Thomas Bernard
+ * (c) 2006-2015 Thomas Bernard
  * This software is subject to the conditions detailed
  * in the LICENCE file provided within the distribution */
 
@@ -144,7 +144,7 @@ extern char ipv6_addr_for_http_with_brackets[64];
 /* address used to bind local services */
 extern struct in6_addr ipv6_bind_addr;
 
-#endif
+#endif /* ENABLE_IPV6 */
 
 extern const char * minissdpdsocketpath;
 
@@ -152,5 +152,9 @@ extern const char * minissdpdsocketpath;
 extern unsigned int upnp_bootid;
 extern unsigned int upnp_configid;
 
-#endif
+#ifdef RANDOMIZE_URLS
+#define RANDOM_URL_MAX_LEN (16)
+extern char random_url[];
+#endif /* RANDOMIZE_URLS */
 
+#endif /* UPNPGLOBALVARS_H_INCLUDED */

miniupnpd/upnphttp.c

@@ -2,7 +2,7 @@
 /* Project :  miniupnp
  * Website :  http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
  * Author :   Thomas Bernard
- * Copyright (c) 2005-2014 Thomas Bernard
+ * Copyright (c) 2005-2015 Thomas Bernard
  * This software is subject to the conditions detailed in the
  * LICENCE file included in this distribution.
  * */
@@ -28,6 +28,9 @@
 #include "upnpsoap.h"
 #include "upnpevents.h"
 #include "upnputils.h"
+#ifdef RANDOMIZE_URLS
+#include "upnpglobalvars.h"
+#endif /* RANDOMIZE_URLS */
 
 #ifdef ENABLE_HTTPS
 #include <openssl/err.h>
@@ -786,6 +789,17 @@ ProcessHttpQuery_upnphttp(struct upnphttp * h)
 			}
 		}
 	}
+#ifdef RANDOMIZE_URLS
+	/* first check if the URL begins with the randomized string */
+	if(HttpUrl[0] != '/' || memcmp(HttpUrl+1, random_url, strlen(random_url)) != 0)
+	{
+		Send404(h);
+		return;
+	}
+	/* remove "random" from the start of the URL */
+	p = HttpUrl + strlen(random_url) + 1;
+	memmove(HttpUrl, p, strlen(p) + 1);
+#endif /* RANDOMIZE_URLS */
 	if(strcmp("POST", HttpCommand) == 0)
 	{
 		h->req_command = EPost;