Don't allow unhandled POSTs to write to the filesystem by default

If there's no registered handler for a POST request, the default behaviour is to write it to the filesystem. Several million deployed devices appear to have this behaviour, making it possible to (at least) store arbitrary data on them. Add a configure option that enables this behaviour, and change the default to just drop POSTs that aren't directly handled.
mjg59 · Jul 18, 2016 · be0a01b · be0a01b
1 parent bb994b9
commit be0a01b
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 0 deletions.
diff --git a/configure.ac b/configure.ac
@@ -482,6 +482,10 @@ if test "x$enable_scriptsupport" = xyes ; then
         AC_DEFINE(IXML_HAVE_SCRIPTSUPPORT, 1, [see upnpconfig.h])
 fi
 
+RT_BOOL_ARG_ENABLE([postwrite], [no], [write to the filesystem on otherwise unhandled POST requests])
+if test "x$enable_postwrite" = xyes ; then
+        AC_DEFINE(UPNP_ENABLE_POST_WRITE, 1, [see upnpconfig.h])
+fi
 
 RT_BOOL_ARG_ENABLE([samples], [yes], [compilation of upnp/sample/ code])
 

diff --git a/upnp/inc/upnpconfig.h.in b/upnp/inc/upnpconfig.h.in
@@ -135,5 +135,10 @@
  *  (i.e. configure --enable-open_ssl) */
 #undef UPNP_ENABLE_OPEN_SSL
 
+/** Defined to 1 if the library has been compiled to support filesystem writes on POST
+ *  (i.e. configure --enable-postwrite) */
+#undef UPNP_ENABLE_POST_WRITE
+
+
 #endif /* UPNP_CONFIG_H */
 
diff --git a/upnp/src/genlib/net/http/webserver.c b/upnp/src/genlib/net/http/webserver.c
@@ -1369,9 +1369,13 @@ static int http_RecvPostMessage(
 		if (Fp == NULL)
 			return HTTP_INTERNAL_SERVER_ERROR;
 	} else {
+#ifdef UPNP_ENABLE_POST_WRITE
 		Fp = fopen(filename, "wb");
 		if (Fp == NULL)
 			return HTTP_UNAUTHORIZED;
+#else
+		return HTTP_NOT_FOUND;
+#endif
 	}
 	parser->position = POS_ENTITY;
 	do {