ADCH++ had a security bug that allowed UCMD extension to be relayed.
uhub did not have this security bug since the hub did not advertise support for the UCMD extension, but the message was still correctly relayed as specified in the protocol specification. However, this commit adds support for the UCMD extension, but only to the extent that uhub will advertise it; uhub will also drop any such CMD message generated by a client and will (currently) never issue a CMD message by itself.
parent
949b54fcdd
commit
cba0121574
@ -33,7 +33,7 @@ typedef uint32_t fourcc_t;
|
||||
#define FOURCC(a,b,c,d) (fourcc_t) ((a << 24) | (b << 16) | (c << 8) | d)
|
||||
|
||||
/* default welcome protocol support message, as sent by this server */
|
||||
#define ADC_PROTO_SUPPORT "ADBASE ADTIGR ADPING"
|
||||
#define ADC_PROTO_SUPPORT "ADBASE ADTIGR ADPING ADUCMD"
|
||||
|
||||
/* Server sent commands */
|
||||
#define ADC_CMD_ISID FOURCC('I','S','I','D')
|
||||
@ -93,6 +93,15 @@ typedef uint32_t fourcc_t;
|
||||
/* Extension messages */
|
||||
#define ADC_CMD_HCHK FOURCC('H','C','H','K')
|
||||
|
||||
/* UCMD Extension */
|
||||
#define ADC_CMD_BCMD FOURCC('B','C','M','D')
|
||||
#define ADC_CMD_DCMD FOURCC('D','C','M','D')
|
||||
#define ADC_CMD_ECMD FOURCC('E','C','M','D')
|
||||
#define ADC_CMD_FCMD FOURCC('F','C','M','D')
|
||||
#define ADC_CMD_HCMD FOURCC('H','C','M','D')
|
||||
#define ADC_CMD_ICMD FOURCC('I','C','M','D')
|
||||
|
||||
|
||||
#define ADC_INF_FLAG_IPV4_ADDR "I4" /* ipv4 address */
|
||||
#define ADC_INF_FLAG_IPV6_ADDR "I6" /* ipv6 address */
|
||||
#define ADC_INF_FLAG_IPV4_UDP_PORT "U4" /* port number */
|
||||
|
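Review bot: The `/* UCMD Extension */` comment in the second hunk does not say how the hub treats these command codes, although the first hunk now advertises ADUCMD in ADC_PROTO_SUPPORT. A maintainer reading this header cannot tell that the codes are recognised only so that client-originated CMD messages can be dropped. I would expand the comment to `/* UCMD extension: advertised in ADC_PROTO_SUPPORT; CMD messages from clients are dropped, never relayed, and the hub sends none itself */`.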
@ -129,6 +129,14 @@ int hub_handle_message(struct hub_info* hub, struct hub_user* u, const char* lin
|
||||
CHECK_FLOOD(connect, 1);
|
||||
ROUTE_MSG;
|
||||
|
||||
case ADC_CMD_BCMD:
|
||||
case ADC_CMD_DCMD:
|
||||
case ADC_CMD_ECMD:
|
||||
case ADC_CMD_FCMD:
|
||||
case ADC_CMD_HCMD:
|
||||
CHECK_FLOOD(extras, 1);
|
||||
break;
|
||||
|
||||
default:
|
||||
CHECK_FLOOD(extras, 1);
|
||||
ROUTE_MSG;
|
||||
|
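Review bot: The new drop list covers BCMD, DCMD, ECMD, FCMD and HCMD but not ADC_CMD_ICMD, which the same commit defines, so an ICMD line sent by a client falls through to `default:` and reaches ROUTE_MSG unless code outside this hunk already rejects I-type messages from clients. With ADUCMD now advertised, this list is the only visible barrier between a client-generated CMD and other users, so I would add `case ADC_CMD_ICMD:` above `CHECK_FLOOD(extras, 1);`. A comment such as `/* UCMD: never relay client-generated CMD messages */` before the cases would explain why this branch ends in `break` rather than ROUTE_MSG. The switch in hub_handle_message begins and ends outside the hunk.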