status-im/miniupnp
2
0
Fork 0
mirror of https://github.com/status-im/miniupnp.git synced 2025-01-18 10:22:03 +00:00
Code Issues Projects Releases Wiki Activity

miniupnpd: enable secure mode by default

Browse Source
This commit is contained in:
Thomas Bernard 2023-05-27 18:42:18 +02:00
parent 19aa26df7e
commit f91a32ff02
No known key found for this signature in database
GPG Key ID: DB511043A31ACAAF
3 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
miniupnpd/Changelog.txt
View File

@ -1,8 +1,9 @@
$Id: Changelog.txt,v 1.500 2023/05/27 09:55:39 nanard Exp $
$Id: Changelog.txt,v 1.501 2023/05/27 16:49:14 nanard Exp $
2023/05/27:
option enable_natpmp => enable_pcp_pmp
add a short list of build-time options in --version output
enable secure mode by default
VERSION 2.3.3 : released on 2023/02/17

21
miniupnpd/miniupnpd.c
View File

@ -1,4 +1,4 @@
/* $Id: miniupnpd.c,v 1.256 2023/05/27 09:55:40 nanard Exp $ */
/* $Id: miniupnpd.c,v 1.257 2023/05/27 16:49:17 nanard Exp $ */
/* vim: tabstop=4 shiftwidth=4 noexpandtab
* MiniUPnP project
* http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
@ -1214,7 +1214,7 @@ init(int argc, char * * argv, struct runtime_vars * v)
#endif /* DISABLE_CONFIG_FILE */
/* set initial values */
SETFLAG(ENABLEUPNPMASK); /* UPnP is enabled by default */
SETFLAG(ENABLEUPNPMASK | SECUREMODEMASK); /* UPnP and secure mode */
#ifdef ENABLE_IPV6
ipv6_bind_addr = in6addr_any;
#endif /* ENABLE_IPV6 */
@ -1440,8 +1440,8 @@ init(int argc, char * * argv, struct runtime_vars * v)
CLEARFLAG(ENABLEUPNPMASK);
break;
case UPNPSECUREMODE:
if(strcmp(ary_options[i].value, "yes") == 0)
SETFLAG(SECUREMODEMASK);
if (strcmp(ary_options[i].value, "no") == 0)
CLEARFLAG(SECUREMODEMASK);
break;
#ifdef ENABLE_LEASEFILE
case UPNPLEASEFILE:
@ -1614,7 +1614,14 @@ init(int argc, char * * argv, struct runtime_vars * v)
break;
#endif /* defined(USE_PF) || defined(USE_IPF) */
case 'S':
SETFLAG(SECUREMODEMASK);
/* -S0 to disable secure mode, for backward compatibility
* -S is ignored */
if (argv[i][2] == '0') {
CLEARFLAG(SECUREMODEMASK);
} else if (argv[i][2] != '\0') {
INIT_PRINT_ERR("Uses -S0 to disable secure mode.\n");
goto print_usage;
}
break;
case 'i':
if(i+1 < argc) {
@ -2019,7 +2026,7 @@ print_usage:
#if defined(USE_PF) || defined(USE_IPF)
" [-L]"
#endif
" [-U] [-S]"
" [-U] [-S0]"
#ifdef ENABLE_NATPMP
" [-N]"
#endif
@ -2059,7 +2066,7 @@ print_usage:
#if defined(USE_PF) || defined(USE_IPF)
"\t-L sets packet log in pf and ipf on.\n"
#endif
"\t-S sets \"secure\" mode : clients can only add mappings to their own ip\n"
"\t-S0 disable \"secure\" mode so clients can add mappings to other ips\n"
"\t-U causes miniupnpd to report system uptime instead "
"of daemon uptime.\n"
#ifdef ENABLE_NATPMP

4
miniupnpd/miniupnpd.conf
View File

@ -118,8 +118,8 @@
#bitrate_down=10000000
# Secure Mode, UPnP clients can only add mappings to their own IP
#secure_mode=yes
secure_mode=no
# Enabled by default
#secure_mode=no
# Default presentation URL is HTTP address on port 80
# If set to an empty string, no presentationURL element will appear