package/minidlna: security bump to version 1.3.2

- Improved DNS rebinding attack protection.
- Fixed a potential crash in SSDP request parsing.
- Drop the patch (already included in this version)

https://sourceforge.net/projects/minidlna/files/minidlna/1.3.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine 2022-09-04 23:04:48 +02:00 committed by Yann E. MORIN
parent f73718ce5e
commit 7713f6dd98
3 changed files with 4 additions and 73 deletions


@ -1,66 +0,0 @@
From c21208508dbc131712281ec5340687e5ae89e940 Mon Sep 17 00:00:00 2001
From: Justin Maggard <jmaggard@arlo.com>
Date: Wed, 9 Feb 2022 18:32:50 -0800
Subject: [PATCH] upnphttp: Protect against DNS rebinding attacks
Validate HTTP requests to protect against DNS rebinding.
[Retrieved from:
https://sourceforge.net/p/minidlna/git/ci/c21208508dbc131712281ec5340687e5ae89e940/]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
upnphttp.c | 17 +++++++++++++++++
upnphttp.h | 2 ++
2 files changed, 19 insertions(+)
diff --git a/upnphttp.c b/upnphttp.c
index c8b5e99..62db89a 100644
--- a/upnphttp.c
+++ b/upnphttp.c
@@ -273,6 +273,11 @@ ParseHttpHeaders(struct upnphttp * h)
p = colon + 1;
while(isspace(*p))
p++;
+ n = 0;
+ while(p[n] >= ' ')
+ n++;
+ h->req_Host = p;
+ h->req_HostLen = n;
for(n = 0; n < n_lan_addr; n++)
{
for(i = 0; lan_addr[n].str[i]; i++)
@@ -909,6 +914,18 @@ ProcessHttpQuery_upnphttp(struct upnphttp * h)
}
DPRINTF(E_DEBUG, L_HTTP, "HTTP REQUEST: %.*s\n", h->req_buflen, h->req_buf);
+ if(h->req_Host && h->req_HostLen > 0) {
+ const char *ptr = h->req_Host;
+ DPRINTF(E_MAXDEBUG, L_HTTP, "Host: %.*s\n", h->req_HostLen, h->req_Host);
+ for(i = 0; i < h->req_HostLen; i++) {
+ if(*ptr != ':' && *ptr != '.' && (*ptr > '9' || *ptr < '0')) {
+ DPRINTF(E_ERROR, L_HTTP, "DNS rebinding attack suspected (Host: %.*s)", h->req_HostLen, h->req_Host);
+ Send404(h);/* 403 */
+ return;
+ }
+ ptr++;
+ }
+ }
if(strcmp("POST", HttpCommand) == 0)
{
h->req_command = EPost;
diff --git a/upnphttp.h b/upnphttp.h
index e28a943..57eb2bb 100644
--- a/upnphttp.h
+++ b/upnphttp.h
@@ -89,6 +89,8 @@ struct upnphttp {
struct client_cache_s * req_client;
const char * req_soapAction;
int req_soapActionLen;
+ const char * req_Host; /* Host: header */
+ int req_HostLen;
const char * req_Callback; /* For SUBSCRIBE */
int req_CallbackLen;
const char * req_NT;
--
2.34.1


@ -1,6 +1,6 @@
# From https://sourceforge.net/projects/minidlna/files/minidlna/1.3.0/
sha1 6563a881884879b2aef52611934e08bb42985964 minidlna-1.3.0.tar.gz
# From https://sourceforge.net/projects/minidlna/files/minidlna/1.3.2/
sha1 71750adadc34490d52f0b9a930c2731a47f9772d minidlna-1.3.2.tar.gz
# Locally computed
sha256 47d9b06b4c48801a4c1112ec23d24782728b5495e95ec2195bbe5c81bc2d3c63 minidlna-1.3.0.tar.gz
sha256 222ce45a1a60c3ce3de17527955d38e5ff7a4592d61db39577e6bf88e0ae1cb0 minidlna-1.3.2.tar.gz
sha256 79146b7f558e56510b9a714ff75318c05ab93aeccfd6597497b9bce212cf92ea COPYING
sha256 94876d7886116e176e702b4902bd9f19731a6883db5f229ac2a7058a22aa6529 LICENCE.miniupnpd


@ -4,7 +4,7 @@
#
################################################################################
MINIDLNA_VERSION = 1.3.0
MINIDLNA_VERSION = 1.3.2
MINIDLNA_SITE = https://downloads.sourceforge.net/project/minidlna/minidlna/$(MINIDLNA_VERSION)
MINIDLNA_LICENSE = GPL-2.0, BSD-3-Clause
MINIDLNA_LICENSE_FILES = COPYING LICENCE.miniupnpd
@ -12,9 +12,6 @@ MINIDLNA_CPE_ID_VENDOR = readymedia_project
MINIDLNA_CPE_ID_PRODUCT = readymedia
MINIDLNA_SELINUX_MODULES = minidlna
# 0001-upnphttp-Protect-against-DNS-rebinding-attacks.patch
MINIDLNA_IGNORE_CVES += CVE-2022-26505
MINIDLNA_DEPENDENCIES = \
$(TARGET_NLS_DEPENDENCIES) \
ffmpeg flac libvorbis libogg libid3tag libexif jpeg sqlite \