Skip to content

Commit be0a01b

Browse files
mjg59Matthew Garrett
authored and
Matthew Garrett
committed
Don't allow unhandled POSTs to write to the filesystem by default
If there's no registered handler for a POST request, the default behaviour is to write it to the filesystem. Several million deployed devices appear to have this behaviour, making it possible to (at least) store arbitrary data on them. Add a configure option that enables this behaviour, and change the default to just drop POSTs that aren't directly handled.
1 parent bb994b9 commit be0a01b

File tree

3 files changed

+13
-0
lines changed

3 files changed

+13
-0
lines changed

Diff for: configure.ac

+4
Original file line numberDiff line numberDiff line change
@@ -482,6 +482,10 @@ if test "x$enable_scriptsupport" = xyes ; then
482482
AC_DEFINE(IXML_HAVE_SCRIPTSUPPORT, 1, [see upnpconfig.h])
483483
fi
484484

485+
RT_BOOL_ARG_ENABLE([postwrite], [no], [write to the filesystem on otherwise unhandled POST requests])
486+
if test "x$enable_postwrite" = xyes ; then
487+
AC_DEFINE(UPNP_ENABLE_POST_WRITE, 1, [see upnpconfig.h])
488+
fi
485489

486490
RT_BOOL_ARG_ENABLE([samples], [yes], [compilation of upnp/sample/ code])
487491

Diff for: upnp/inc/upnpconfig.h.in

+5
Original file line numberDiff line numberDiff line change
@@ -135,5 +135,10 @@
135135
* (i.e. configure --enable-open_ssl) */
136136
#undef UPNP_ENABLE_OPEN_SSL
137137

138+
/** Defined to 1 if the library has been compiled to support filesystem writes on POST
139+
* (i.e. configure --enable-postwrite) */
140+
#undef UPNP_ENABLE_POST_WRITE
141+
142+
138143
#endif /* UPNP_CONFIG_H */
139144

Diff for: upnp/src/genlib/net/http/webserver.c

+4
Original file line numberDiff line numberDiff line change
@@ -1369,9 +1369,13 @@ static int http_RecvPostMessage(
13691369
if (Fp == NULL)
13701370
return HTTP_INTERNAL_SERVER_ERROR;
13711371
} else {
1372+
#ifdef UPNP_ENABLE_POST_WRITE
13721373
Fp = fopen(filename, "wb");
13731374
if (Fp == NULL)
13741375
return HTTP_UNAUTHORIZED;
1376+
#else
1377+
return HTTP_NOT_FOUND;
1378+
#endif
13751379
}
13761380
parser->position = POS_ENTITY;
13771381
do {

0 commit comments

Comments
 (0)