Permalink
Browse files

Don't allow unhandled POSTs to write to the filesystem by default

If there's no registered handler for a POST request, the default behaviour
is to write it to the filesystem. Several million deployed devices appear
to have this behaviour, making it possible to (at least) store arbitrary
data on them. Add a configure option that enables this behaviour, and change
the default to just drop POSTs that aren't directly handled.
  • Loading branch information...
1 parent bb994b9 commit be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd Matthew Garrett committed with Feb 23, 2016
Showing with 13 additions and 0 deletions.
  1. +4 −0 configure.ac
  2. +5 −0 upnp/inc/upnpconfig.h.in
  3. +4 −0 upnp/src/genlib/net/http/webserver.c
View
@@ -482,6 +482,10 @@ if test "x$enable_scriptsupport" = xyes ; then
AC_DEFINE(IXML_HAVE_SCRIPTSUPPORT, 1, [see upnpconfig.h])
fi
+RT_BOOL_ARG_ENABLE([postwrite], [no], [write to the filesystem on otherwise unhandled POST requests])
+if test "x$enable_postwrite" = xyes ; then
+ AC_DEFINE(UPNP_ENABLE_POST_WRITE, 1, [see upnpconfig.h])
+fi
RT_BOOL_ARG_ENABLE([samples], [yes], [compilation of upnp/sample/ code])
@@ -135,5 +135,10 @@
* (i.e. configure --enable-open_ssl) */
#undef UPNP_ENABLE_OPEN_SSL
+/** Defined to 1 if the library has been compiled to support filesystem writes on POST
+ * (i.e. configure --enable-postwrite) */
+#undef UPNP_ENABLE_POST_WRITE
+
+
#endif /* UPNP_CONFIG_H */
@@ -1369,9 +1369,13 @@ static int http_RecvPostMessage(
if (Fp == NULL)
return HTTP_INTERNAL_SERVER_ERROR;
} else {
+#ifdef UPNP_ENABLE_POST_WRITE
Fp = fopen(filename, "wb");
if (Fp == NULL)
return HTTP_UNAUTHORIZED;
+#else
+ return HTTP_NOT_FOUND;
+#endif
}
parser->position = POS_ENTITY;
do {

0 comments on commit be0a01b

Please sign in to comment.