Commit Graph

35 Commits

Author SHA1 Message Date
Thomas Bernard 181850ad1f miniupnpd/upnphttp.c: check ':' in HTTP header names 2014-12-09 18:28:23 +01:00
Thomas Bernard 98cc73a372 miniupnpd/upnphttp: Checking Host: HTTP request header to prevent DNS rebinding attack 2014-12-09 17:49:02 +01:00
Thomas Bernard 31986d8190 miniupnpd/upnphttp.c: fix 526e1dcd40 2014-12-09 17:48:14 +01:00
Thomas Bernard 9e30117cac miniupnpd/upnphttp.c: fix ec94c5663f
thanks to Stephen Röttger
2014-12-09 11:44:28 +01:00
Thomas Bernard 526e1dcd40 miniupnpd/upnphttp.c: skip only spaces and tab (stop on CR and LF) 2014-12-09 11:38:50 +01:00
Thomas Bernard 064c78730c miniupnpd/upnphttp.c: cosmetical changes 2014-12-09 11:04:38 +01:00
Thomas Bernard ec94c5663f miniupnpd: check if BuildHeader_upnphttp() failed to allocate memory 2014-12-09 11:04:15 +01:00
Thomas Bernard dd39ecaa93 miniupnpd/upnphttp.c: fix buffer overrun in ParseHttpHeaders() if Content-Length doesn't contain any digit
Credits goes to Stephen Röttger of the Google Security Team for identifying
the vulnerabilities
2014-12-09 11:02:57 +01:00
Thomas Bernard 11e71207c8 miniupnpd/upnphttp.c: log OpenSSL version used 2014-04-11 09:48:50 +02:00
Thomas Bernard 947be5aafc upnphttp.c: Configure OpenSSL client cert verification 2014-04-10 23:28:41 +02:00
Thomas Bernard e26174d05d miniupnpd: free OpenSSL memory 2014-04-09 16:09:31 +02:00
Thomas Bernard bbe96a15b6 miniupnpd: adding HTTPS support 2014-04-09 15:35:06 +02:00
Thomas Bernard 76170e5413 miniupnpd/upnphttp.c: Support for multiple URL in Callback: header (SUBSCRIBE) 2014-03-15 10:52:39 +01:00
Thomas Bernard ac1d36d872 upnphttp.c: Added Ext: header to HTTP responses to conform to UDA 2013-02-07 11:26:48 +01:00
Thomas Bernard 50965a6ae1 upnphttp.c: add comments about ParseHttpHeaders() 2013-01-29 22:56:27 +01:00
Thomas Bernard ea141830f6 upnphttp.c: remove strchr() call in ParseHttpHeaders() 2013-01-29 22:55:57 +01:00
Thomas Bernard 72e570186c upnphttp.c: Fix and comment the findendheaders() function 2013-01-29 22:54:55 +01:00
Thomas Bernard 3b5eacb3ae upnphttp: ParseHttpHeaders() checks atoi() return
atoi() can return a negative value, and that can lead to problems
later
2013-01-27 21:07:40 +01:00
Thomas Bernard 60d1db157a miniupnpd: More return value check for malloc() and realloc() 2012-12-11 22:10:57 +01:00
Thomas Bernard 5e48745eb3 miniupnpd/upnphttp: fix buffer allocation for response
increased default buffer size for HTTP response
check size of h->res_buf before building HTTP response
2012-10-05 00:28:06 +02:00
Thomas Bernard 4ce891ec17 miniupnpd/upnphttp: Check compliance of headers for (UN)SUBSCRIBE
Enforce compliance for SUBSCRIBE messages (UPNP_STRICT mode)
Enforce compliance for UNSUBSCRIBE messages (UPNP_STRICT mode)
2012-10-05 00:25:08 +02:00
Thomas Bernard 7227e55dba ENABLE_HTTP_DATE : add a Date: header to all HTTP responses 2012-10-05 00:17:40 +02:00
Thomas Bernard 8b8772eed1 miniupnpd: Support Expect: 100-continue for POST HTTP requests 2012-09-28 11:12:50 +02:00
Thomas Bernard 9d94d08bd8 miniupnpd: Content-Type is now text/xml; charset="utf-8" to conform with UDA v1.1 2012-09-28 11:12:01 +02:00
Thomas Bernard 727eaeb2e8 miniupnpd/upnphttp: Support for Accept-Language/Content-Language HTTP headers 2012-09-28 11:10:20 +02:00
Thomas Bernard adb9941296 Cleanup HTTP request handling. Answer 405 when relevant 2012-05-31 15:29:18 +02:00
Thomas Bernard e42dfd3284 Remove Warnings caused by signed/unsigned integer comparaisons 2012-05-01 11:52:21 +02:00
Thomas Bernard d9cb61b124 Fix a bug in upnphttp
Thanks to Chiaki ISHIKAWA
2012-04-26 00:30:32 +02:00
Shawn Landen 5c224accbf remove trailing whitespace from miniupnpd 2012-02-29 17:48:41 -08:00
Thomas Bernard af60fee984 Make HTTP (SOAP) sockets non blocking 2012-02-07 01:26:15 +01:00
Thomas Bernard 73ef11624a always handle EAGAIN, EWOULDBLOCK and EINTR after recv()/recvfrom() calls 2012-02-02 18:45:43 +01:00
Thomas Bernard c07408ef1f Always #include <netinet/in.h> before #include <arpa/inet.h> (for OpenBSD) 2012-01-20 22:55:43 +01:00
Thomas Bernard 24065dbaba Replaced SendResp_upnphttp()+CloseSocket_upnphttp() by SendRespAndClose_upnphttp() 2011-11-18 12:23:16 +01:00
Thomas Bernard 0ff86e4975 avoid infinite loop in SendResp_upnphttp() in case of error 2011-11-18 12:15:24 +01:00
Thomas Bernard 0d96346588 Adding miniupnpd 2011-09-28 21:13:20 +02:00