Re: [Linux-igd-devel] Security issues to address...
From: Nektarios K. P. <npa...@in...> - 2006-08-14 13:02:07
Daniel J Blueman wrote:
> With 0.95 out, there are some security issues that need to be addressed.
>
> Armijn Hemel has pointed out some areas he was able to exploit (see
> http://www.upnp-hacks.org/stacks.html#linux-igd).
>
> The security update to always store IP addresses in inaddr structures,
> rather than (unbounded) strings isn't much work overall, so I can get
> a patch in for this.
>
> There does need to be a check through the code paths to ensure
> requests are correctly validated, and to address some of the issues
> that Armijn has raised.
>
> Any thoughts?

In the update Layer3Forwarding patch, I added a check for the protocol type in the AddPortMapping handling code. I also have in a TODO comment the checks for the rest of the input arguments.

Regarding the check for valid NewInternalClient/NewRemoteHost arguments, do you think a check for a valid IP string is sufficient or do we need to support DNS lookup? I think the spec permits an IGD device not to accept hostnames for these arguments.

I can fill the missing parts for:
isBoolean(...)
isUI4(...)
isUI2(...)
isAddress(...)
although I think the libupnp itself is a better place to implement at least the first three.

I'm not sure I understand the final comment in the Armijn report:
<quote>
...,but there is no check to see whether or not NewInternalClient is an external IP address.
</quote>
Why is it important whether or not it is an external IP address? I think the right input/output interface is properly set in the iptables invocation so having an external IP address in the NewInternalClient will just result in an ACCEPT rule that is impossible to trigger. What do I miss here?

-- 
Nektarios K. Papadopoulos
inAccess Networks
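
An added example, not code from linux-igd or libupnp: one way the four argument checks named in the message above could look in C, with the address parsed into a struct in_addr rather than kept as a string. The function names, signatures, and the choices to reject hostnames and to accept only lowercase boolean literals are assumptions.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Strict decimal parse of 0..max. The leading-digit test is needed because
 * strtoull() on its own would accept " 1", "+1" and "-1". */
static int parse_uint(const char *s, uint32_t max, uint32_t *out)
{
    char *end;
    unsigned long long v;

    if (s == NULL || *s < '0' || *s > '9')
        return 0;
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > max)
        return 0;                     /* overflow, trailing junk, out of range */
    *out = (uint32_t)v;
    return 1;
}

/* ui2: 16-bit values such as NewExternalPort / NewInternalPort (hypothetical helper) */
int is_ui2(const char *s, uint32_t *out) { return parse_uint(s, UINT16_MAX, out); }

/* ui4: 32-bit values such as NewLeaseDuration (hypothetical helper) */
int is_ui4(const char *s, uint32_t *out) { return parse_uint(s, UINT32_MAX, out); }

/* UPnP boolean literals: 0/1, false/true, no/yes. Odd index means true. */
int is_boolean(const char *s, int *out)
{
    static const char *const lit[] = {"0", "1", "false", "true", "no", "yes"};

    for (size_t i = 0; s != NULL && i < 6; i++)
        if (strcmp(s, lit[i]) == 0) { *out = (int)(i & 1); return 1; }
    return 0;
}

/* Dotted-quad IPv4 only, stored in a fixed-size struct in_addr.
 * inet_pton() does no DNS lookup, so hostnames are rejected (assumed policy). */
int is_address(const char *s, struct in_addr *out)
{
    return s != NULL && inet_pton(AF_INET, s, out) == 1;
}
```

Each helper writes its output only on success, so a caller can reject the SOAP action as soon as any check returns 0 and build the iptables rule from the parsed values rather than from the request strings.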