Thomas Bernard
|
181850ad1f
|
miniupnpd/upnphttp.c: check ':' in HTTP header names
|
2014-12-09 18:28:23 +01:00 |
Thomas Bernard
|
98cc73a372
|
miniupnpd/upnphttp: Checking Host: HTTP request header to prevent DNS rebinding attack
|
2014-12-09 17:49:02 +01:00 |
Thomas Bernard
|
31986d8190
|
miniupnpd/upnphttp.c: fix 526e1dcd40
|
2014-12-09 17:48:14 +01:00 |
Thomas Bernard
|
9e30117cac
|
miniupnpd/upnphttp.c: fix ec94c5663f
thanks to Stephen Röttger
|
2014-12-09 11:44:28 +01:00 |
Thomas Bernard
|
526e1dcd40
|
miniupnpd/upnphttp.c: skip only spaces and tab (stop on CR and LF)
|
2014-12-09 11:38:50 +01:00 |
Thomas Bernard
|
064c78730c
|
miniupnpd/upnphttp.c: cosmetical changes
|
2014-12-09 11:04:38 +01:00 |
Thomas Bernard
|
ec94c5663f
|
miniupnpd: check if BuildHeader_upnphttp() failed to allocate memory
|
2014-12-09 11:04:15 +01:00 |
Thomas Bernard
|
dd39ecaa93
|
miniupnpd/upnphttp.c: fix buffer overrun in ParseHttpHeaders() if Content-Length doesn't contain any digit
Credits goes to Stephen Röttger of the Google Security Team for identifying
the vulnerabilities
|
2014-12-09 11:02:57 +01:00 |
Thomas Bernard
|
11e71207c8
|
miniupnpd/upnphttp.c: log OpenSSL version used
|
2014-04-11 09:48:50 +02:00 |
Thomas Bernard
|
947be5aafc
|
upnphttp.c: Configure OpenSSL client cert verification
|
2014-04-10 23:28:41 +02:00 |
Thomas Bernard
|
e26174d05d
|
miniupnpd: free OpenSSL memory
|
2014-04-09 16:09:31 +02:00 |
Thomas Bernard
|
bbe96a15b6
|
miniupnpd: adding HTTPS support
|
2014-04-09 15:35:06 +02:00 |
Thomas Bernard
|
76170e5413
|
miniupnpd/upnphttp.c: Support for multiple URL in Callback: header (SUBSCRIBE)
|
2014-03-15 10:52:39 +01:00 |
Thomas Bernard
|
ac1d36d872
|
upnphttp.c: Added Ext: header to HTTP responses to conform to UDA
|
2013-02-07 11:26:48 +01:00 |
Thomas Bernard
|
50965a6ae1
|
upnphttp.c: add comments about ParseHttpHeaders()
|
2013-01-29 22:56:27 +01:00 |
Thomas Bernard
|
ea141830f6
|
upnphttp.c: remove strchr() call in ParseHttpHeaders()
|
2013-01-29 22:55:57 +01:00 |
Thomas Bernard
|
72e570186c
|
upnphttp.c: Fix and comment the findendheaders() function
|
2013-01-29 22:54:55 +01:00 |
Thomas Bernard
|
3b5eacb3ae
|
upnphttp: ParseHttpHeaders() checks atoi() return
atoi() can return a negative value, and that can lead to problems
later
|
2013-01-27 21:07:40 +01:00 |
Thomas Bernard
|
60d1db157a
|
miniupnpd: More return value check for malloc() and realloc()
|
2012-12-11 22:10:57 +01:00 |
Thomas Bernard
|
5e48745eb3
|
miniupnpd/upnphttp: fix buffer allocation for response
increased default buffer size for HTTP response
check size of h->res_buf before building HTTP response
|
2012-10-05 00:28:06 +02:00 |
Thomas Bernard
|
4ce891ec17
|
miniupnpd/upnphttp: Check compliance of headers for (UN)SUBSCRIBE
Enforce compliance for SUBSCRIBE messages (UPNP_STRICT mode)
Enforce compliance for UNSUBSCRIBE messages (UPNP_STRICT mode)
|
2012-10-05 00:25:08 +02:00 |
Thomas Bernard
|
7227e55dba
|
ENABLE_HTTP_DATE : add a Date: header to all HTTP responses
|
2012-10-05 00:17:40 +02:00 |
Thomas Bernard
|
8b8772eed1
|
miniupnpd: Support Expect: 100-continue for POST HTTP requests
|
2012-09-28 11:12:50 +02:00 |
Thomas Bernard
|
9d94d08bd8
|
miniupnpd: Content-Type is now text/xml; charset="utf-8" to conform with UDA v1.1
|
2012-09-28 11:12:01 +02:00 |
Thomas Bernard
|
727eaeb2e8
|
miniupnpd/upnphttp: Support for Accept-Language/Content-Language HTTP headers
|
2012-09-28 11:10:20 +02:00 |
Thomas Bernard
|
adb9941296
|
Cleanup HTTP request handling. Answer 405 when relevant
|
2012-05-31 15:29:18 +02:00 |
Thomas Bernard
|
e42dfd3284
|
Remove Warnings caused by signed/unsigned integer comparaisons
|
2012-05-01 11:52:21 +02:00 |
Thomas Bernard
|
d9cb61b124
|
Fix a bug in upnphttp
Thanks to Chiaki ISHIKAWA
|
2012-04-26 00:30:32 +02:00 |
Shawn Landen
|
5c224accbf
|
remove trailing whitespace from miniupnpd
|
2012-02-29 17:48:41 -08:00 |
Thomas Bernard
|
af60fee984
|
Make HTTP (SOAP) sockets non blocking
|
2012-02-07 01:26:15 +01:00 |
Thomas Bernard
|
73ef11624a
|
always handle EAGAIN, EWOULDBLOCK and EINTR after recv()/recvfrom() calls
|
2012-02-02 18:45:43 +01:00 |
Thomas Bernard
|
c07408ef1f
|
Always #include <netinet/in.h> before #include <arpa/inet.h> (for OpenBSD)
|
2012-01-20 22:55:43 +01:00 |
Thomas Bernard
|
24065dbaba
|
Replaced SendResp_upnphttp()+CloseSocket_upnphttp() by SendRespAndClose_upnphttp()
|
2011-11-18 12:23:16 +01:00 |
Thomas Bernard
|
0ff86e4975
|
avoid infinite loop in SendResp_upnphttp() in case of error
|
2011-11-18 12:15:24 +01:00 |
Thomas Bernard
|
0d96346588
|
Adding miniupnpd
|
2011-09-28 21:13:20 +02:00 |