status-im
/
miniupnp
mirror of https://github.com/status-im/miniupnp.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

miniupnpd/natpmp.c: avoid hang when all external ports in use 

The NAT-PMP code attempts to find a different eport if the
requested one is already in use. If all eports are in use, that
would previously cause the code to iterate through the range of
eports forever. To avoid this case, we keep track of the first
eport we attempted to use and abort the loop once we've cycled
through all possible values exactly once (which takes us back
to the initial eport).
This commit is contained in:
Daniel Becker 2014-02-28 00:00:26 -08:00
parent c492b6f56f
commit c6a8879c87
1 changed files with 52 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
miniupnpd/natpmp.c
View File

@ -205,6 +205,7 @@ void ProcessIncomingNATPMPPacket(int s, unsigned char *msg_buff, int len,
int proto; int proto;
char iaddr_old[16]; char iaddr_old[16];
unsigned short iport_old; unsigned short iport_old;
unsigned short eport_first;
unsigned int timestamp; unsigned int timestamp;
iport = ntohs(*((uint16_t *)(req+4))); iport = ntohs(*((uint16_t *)(req+4)));
@ -266,7 +267,9 @@ void ProcessIncomingNATPMPPacket(int s, unsigned char *msg_buff, int len,
} else if(iport==0 } else if(iport==0
|| !check_upnp_rule_against_permissions(upnppermlist, num_upnpperm, eport, senderaddr->sin_addr, iport)) { || !check_upnp_rule_against_permissions(upnppermlist, num_upnpperm, eport, senderaddr->sin_addr, iport)) {
resp[3] = 2; /* Not Authorized/Refused */ resp[3] = 2; /* Not Authorized/Refused */
} else do { } else {
eport_first = eport;
do {
r = get_redirect_rule(ext_if_name, eport, proto, r = get_redirect_rule(ext_if_name, eport, proto,
iaddr_old, sizeof(iaddr_old), iaddr_old, sizeof(iaddr_old),
&iport_old, 0, 0, 0, 0, &iport_old, 0, 0, 0, 0,
@ -284,6 +287,12 @@ void ProcessIncomingNATPMPPacket(int s, unsigned char *msg_buff, int len,
} }
} else { } else {
eport++; eport++;
if(eport == eport_first) { /* no external port available */
syslog(LOG_ERR, "Failed to find available eport for NAT-PMP %hu %s->%s:%hu",
eport, (proto==IPPROTO_TCP)?"tcp":"udp", senderaddrstr, iport);
resp[3] = 3; /* Failure */
break;
}
continue; continue;
} }
} }
@ -316,6 +325,7 @@ void ProcessIncomingNATPMPPacket(int s, unsigned char *msg_buff, int len,
break; break;
} }
} while(r==0); } while(r==0);
}
*((uint16_t *)(resp+8)) = htons(iport); /* private port */ *((uint16_t *)(resp+8)) = htons(iport); /* private port */
*((uint16_t *)(resp+10)) = htons(eport); /* public port */ *((uint16_t *)(resp+10)) = htons(eport); /* public port */
*((uint32_t *)(resp+12)) = htonl(lifetime); /* Port Mapping lifetime */ *((uint32_t *)(resp+12)) = htonl(lifetime); /* Port Mapping lifetime */