Context Navigation

← Previous Changeset
Next Changeset →

Changeset 6fdb2d1a0 in mythtv

Timestamp:

Nov 29, 2014, 10:53:27 PM (10 years ago)

Author:

Stuart Morgan <smorgan@…>

Branches:

fixes/0.27

Children:

70653f18a

Parents:

bd762efd16

git-author:

Stuart Morgan <smorgan@…> (11/29/14 22:53:27)

git-committer:

Stuart Morgan <smorgan@…> (11/29/14 22:54:58)

Message:

SSDP: Disable reflection attack mitigation for now, it's triggering false positives.

(cherry picked from commit 02e92a265c1e9825bb58806156fbf31bd740515a)

File:

: 1 edited

mythtv/libs/libmythupnp/ssdp.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

mythtv/libs/libmythupnp/ssdp.cpp

-                      rbd762efd16
+                      r6fdb2d1a0
     // TODO: We may want to restrict this to the same subnet as the server
     //       for added security
     if (!peerAddress.isNull() && (peerAddress != QHostAddress::Null) &&
         ((peerAddress.protocol() == QAbstractSocket::IPv4Protocol) &&
             (!peerAddress.isInSubnet(QHostAddress("172.16.0.0"), 12) &&
             !peerAddress.isInSubnet(QHostAddress("192.168.0.0"), 16) &&
             !peerAddress.isInSubnet(QHostAddress("10.0.0.0"), 8))) ||
         ((peerAddress.protocol() == QAbstractSocket::IPv6Protocol) &&
             !peerAddress.isInSubnet(pSocket->address(), 64))) // default subnet size is assumed to be /64
+    {
         LOG(VB_GENERAL, LOG_CRIT, QString("SSDP Request from WAN IP "
                                             "address (%1). Possible SSDP "
                                             "Reflection attempt. Ignoring as "
                                             "security risk.")
                                                 .arg(peerAddress.toString()));
         pSocket->readAll(); // Discard the data in the socket buffer
         return;
+    }
+//     if (!peerAddress.isNull() && (peerAddress != QHostAddress::Null) &&
+//         ((peerAddress.protocol() == QAbstractSocket::IPv4Protocol) &&
+//             (!peerAddress.isInSubnet(QHostAddress("172.16.0.0"), 12) &&
+//             !peerAddress.isInSubnet(QHostAddress("192.168.0.0"), 16) &&
+//             !peerAddress.isInSubnet(QHostAddress("10.0.0.0"), 8))) ||
+//         ((peerAddress.protocol() == QAbstractSocket::IPv6Protocol) &&
+//             !peerAddress.isInSubnet(pSocket->address(), 64))) // default subnet size is assumed to be /64
+//     {
+//         LOG(VB_GENERAL, LOG_CRIT, QString("SSDP Request from WAN IP "
+//                                             "address (%1). Possible SSDP "
+//                                             "Reflection attempt. Ignoring as "
+//                                             "security risk.")
+//                                                 .arg(peerAddress.toString()));
+//         pSocket->readAll(); // Discard the data in the socket buffer
+//         return;
+//     }
     QByteArray buffer;

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 6fdb2d1a0 in mythtv

Legend:

mythtv/libs/libmythupnp/ssdp.cpp

Download in other formats: