ADCH++ had a security bug that allowed UCMD extension to be relayed.

uhub did not have this security bug since the hub did not advertise support for the
UCMD extension, but the message was still correctly relayed as specified in the
protocol specification.

However, this commit adds support for the UCMD extension, but only to the extent
that uhub will advertise it and uhub will also drop any such CMD message
generated by a client and will (currently) never issues a CMD message by itself.
This commit is contained in:
Jan Vidar Krey 2012-07-30 00:08:12 +02:00
parent 949b54fcdd
commit cba0121574
2 changed files with 18 additions and 1 deletions

View File

@ -33,7 +33,7 @@ typedef uint32_t fourcc_t;
#define FOURCC(a,b,c,d) (fourcc_t) ((a << 24) | (b << 16) | (c << 8) | d) #define FOURCC(a,b,c,d) (fourcc_t) ((a << 24) | (b << 16) | (c << 8) | d)
/* default welcome protocol support message, as sent by this server */ /* default welcome protocol support message, as sent by this server */
#define ADC_PROTO_SUPPORT "ADBASE ADTIGR ADPING" #define ADC_PROTO_SUPPORT "ADBASE ADTIGR ADPING ADUCMD"
/* Server sent commands */ /* Server sent commands */
#define ADC_CMD_ISID FOURCC('I','S','I','D') #define ADC_CMD_ISID FOURCC('I','S','I','D')
@ -93,6 +93,15 @@ typedef uint32_t fourcc_t;
/* Extension messages */ /* Extension messages */
#define ADC_CMD_HCHK FOURCC('H','C','H','K') #define ADC_CMD_HCHK FOURCC('H','C','H','K')
/* UCMD Extension */
#define ADC_CMD_BCMD FOURCC('B','C','M','D')
#define ADC_CMD_DCMD FOURCC('D','C','M','D')
#define ADC_CMD_ECMD FOURCC('E','C','M','D')
#define ADC_CMD_FCMD FOURCC('F','C','M','D')
#define ADC_CMD_HCMD FOURCC('H','C','M','D')
#define ADC_CMD_ICMD FOURCC('I','C','M','D')
#define ADC_INF_FLAG_IPV4_ADDR "I4" /* ipv4 address */ #define ADC_INF_FLAG_IPV4_ADDR "I4" /* ipv4 address */
#define ADC_INF_FLAG_IPV6_ADDR "I6" /* ipv6 address */ #define ADC_INF_FLAG_IPV6_ADDR "I6" /* ipv6 address */
#define ADC_INF_FLAG_IPV4_UDP_PORT "U4" /* port number */ #define ADC_INF_FLAG_IPV4_UDP_PORT "U4" /* port number */

View File

@ -129,6 +129,14 @@ int hub_handle_message(struct hub_info* hub, struct hub_user* u, const char* lin
CHECK_FLOOD(connect, 1); CHECK_FLOOD(connect, 1);
ROUTE_MSG; ROUTE_MSG;
case ADC_CMD_BCMD:
case ADC_CMD_DCMD:
case ADC_CMD_ECMD:
case ADC_CMD_FCMD:
case ADC_CMD_HCMD:
CHECK_FLOOD(extras, 1);
break;
default: default:
CHECK_FLOOD(extras, 1); CHECK_FLOOD(extras, 1);
ROUTE_MSG; ROUTE_MSG;