Fix DDOS and SSRF issue : 4thline/cling#253

src/main/java/com/distrimind/upnp_igd/DefaultUpnpServiceConfiguration.java

@@ -19,6 +19,7 @@
 import com.distrimind.upnp_igd.binding.xml.ServiceDescriptorBinder;
 import com.distrimind.upnp_igd.binding.xml.UDA10DeviceDescriptorBinderImpl;
 import com.distrimind.upnp_igd.binding.xml.UDA10ServiceDescriptorBinderImpl;
+import com.distrimind.upnp_igd.model.Constants;
 import com.distrimind.upnp_igd.model.ModelUtil;
 import com.distrimind.upnp_igd.model.Namespace;
 import com.distrimind.upnp_igd.model.message.UpnpHeaders;
@@ -100,29 +101,30 @@ public class DefaultUpnpServiceConfiguration implements UpnpServiceConfiguration
     final private ServiceDescriptorBinder serviceDescriptorBinderUDA10;
 
     final private Namespace namespace;
+    final private int multicastPort;
 
     /**
      * Defaults to port '0', ephemeral.
      */
     public DefaultUpnpServiceConfiguration() {
-        this(NetworkAddressFactoryImpl.DEFAULT_TCP_HTTP_LISTEN_PORT);
+        this(NetworkAddressFactoryImpl.DEFAULT_TCP_HTTP_LISTEN_PORT, Constants.UPNP_MULTICAST_PORT);
     }
 
-    public DefaultUpnpServiceConfiguration(int streamListenPort) {
-        this(streamListenPort, true);
+    public DefaultUpnpServiceConfiguration(int streamListenPort, int multicastPort) {
+        this(streamListenPort, multicastPort, true);
     }
 
     protected DefaultUpnpServiceConfiguration(boolean checkRuntime) {
-        this(NetworkAddressFactoryImpl.DEFAULT_TCP_HTTP_LISTEN_PORT, checkRuntime);
+        this(NetworkAddressFactoryImpl.DEFAULT_TCP_HTTP_LISTEN_PORT, Constants.UPNP_MULTICAST_PORT, checkRuntime);
     }
 
-    protected DefaultUpnpServiceConfiguration(int streamListenPort, boolean checkRuntime) {
+    protected DefaultUpnpServiceConfiguration(int streamListenPort, int multicastPort, boolean checkRuntime) {
         if (checkRuntime && ModelUtil.ANDROID_RUNTIME) {
             throw new Error("Unsupported runtime environment, use org.fourthline.cling.android.AndroidUpnpServiceConfiguration");
         }
 
         this.streamListenPort = streamListenPort;
-
+        this.multicastPort=multicastPort;
         defaultExecutorService = createDefaultExecutorService();
 
         datagramProcessor = createDatagramProcessor();
@@ -147,6 +149,10 @@ public GENAEventProcessor getGenaEventProcessor() {
         return genaEventProcessor;
     }
 
+    public int getMulticastPort() {
+        return multicastPort;
+    }
+
     public StreamClient createStreamClient() {
         return new StreamClientImpl(
             new StreamClientConfigurationImpl(
@@ -254,16 +260,16 @@ public Executor getRegistryListenerExecutor() {
     }
 
     public NetworkAddressFactory createNetworkAddressFactory() {
-        return createNetworkAddressFactory(streamListenPort);
+        return createNetworkAddressFactory(streamListenPort, multicastPort);
     }
 
     public void shutdown() {
         log.fine("Shutting down default executor service");
         getDefaultExecutorService().shutdownNow();
     }
 
-    protected NetworkAddressFactory createNetworkAddressFactory(int streamListenPort) {
-        return new NetworkAddressFactoryImpl(streamListenPort);
+    protected NetworkAddressFactory createNetworkAddressFactory(int streamListenPort, int multicastPort) {
+        return new NetworkAddressFactoryImpl(streamListenPort, multicastPort);
     }
 
     protected DatagramProcessor createDatagramProcessor() {

src/main/java/com/distrimind/upnp_igd/android/AndroidNetworkAddressFactory.java

@@ -36,8 +36,8 @@ public class AndroidNetworkAddressFactory extends NetworkAddressFactoryImpl {
 
     final private static Logger log = Logger.getLogger(AndroidUpnpServiceConfiguration.class.getName());
 
-    public AndroidNetworkAddressFactory(int streamListenPort) {
-        super(streamListenPort);
+    public AndroidNetworkAddressFactory(int streamListenPort, int multicastPort) {
+        super(streamListenPort, multicastPort);
     }
 
     @Override

src/main/java/com/distrimind/upnp_igd/android/AndroidUpnpServiceConfiguration.java

@@ -16,6 +16,7 @@
 package com.distrimind.upnp_igd.android;
 
 import android.os.Build;
+import com.distrimind.upnp_igd.model.Constants;
 import com.distrimind.upnp_igd.registry.Registry;
 import com.distrimind.upnp_igd.DefaultUpnpServiceConfiguration;
 import com.distrimind.upnp_igd.binding.xml.DeviceDescriptorBinder;
@@ -24,10 +25,7 @@
 import com.distrimind.upnp_igd.binding.xml.UDA10ServiceDescriptorBinderSAXImpl;
 import com.distrimind.upnp_igd.model.Namespace;
 import com.distrimind.upnp_igd.model.ServerClientTokens;
-import com.distrimind.upnp_igd.transport.impl.AsyncServletStreamServerConfigurationImpl;
-import com.distrimind.upnp_igd.transport.impl.AsyncServletStreamServerImpl;
-import com.distrimind.upnp_igd.transport.impl.RecoveringGENAEventProcessorImpl;
-import com.distrimind.upnp_igd.transport.impl.RecoveringSOAPActionProcessorImpl;
+import com.distrimind.upnp_igd.transport.impl.*;
 import com.distrimind.upnp_igd.transport.impl.jetty.JettyServletContainer;
 import com.distrimind.upnp_igd.transport.impl.jetty.StreamClientConfigurationImpl;
 import com.distrimind.upnp_igd.transport.impl.jetty.StreamClientImpl;
@@ -63,19 +61,19 @@
 public class AndroidUpnpServiceConfiguration extends DefaultUpnpServiceConfiguration {
 
     public AndroidUpnpServiceConfiguration() {
-        this(0); // Ephemeral port
+        this(NetworkAddressFactoryImpl.DEFAULT_TCP_HTTP_LISTEN_PORT, Constants.UPNP_MULTICAST_PORT);
     }
 
-    public AndroidUpnpServiceConfiguration(int streamListenPort) {
-        super(streamListenPort, false);
+    public AndroidUpnpServiceConfiguration(int streamListenPort, int multicastPort) {
+        super(streamListenPort, multicastPort, false);
 
         // This should be the default on Android 2.1 but it's not set by default
         System.setProperty("org.xml.sax.driver", "org.xmlpull.v1.sax2.Driver");
     }
 
     @Override
-    protected NetworkAddressFactory createNetworkAddressFactory(int streamListenPort) {
-        return new AndroidNetworkAddressFactory(streamListenPort);
+    protected NetworkAddressFactory createNetworkAddressFactory(int streamListenPort, int multicastPort) {
+        return new AndroidNetworkAddressFactory(streamListenPort, multicastPort);
     }
 
     @Override

src/main/java/com/distrimind/upnp_igd/transport/impl/NetworkAddressFactoryImpl.java

@@ -21,22 +21,8 @@
 import com.distrimind.upnp_igd.transport.spi.NoNetworkException;
 import org.seamless.util.Iterators;
 
-import java.net.Inet4Address;
-import java.net.Inet6Address;
-import java.net.InetAddress;
-import java.net.InterfaceAddress;
-import java.net.NetworkInterface;
-import java.net.SocketException;
-import java.net.UnknownHostException;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-import java.util.Locale;
+import java.net.*;
+import java.util.*;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -63,15 +49,16 @@ public class NetworkAddressFactoryImpl implements NetworkAddressFactory {
     final protected List<InetAddress> bindAddresses = new ArrayList<>();
 
     protected int streamListenPort;
+    private int multicastPort;
 
     /**
      * Defaults to an ephemeral port.
      */
     public NetworkAddressFactoryImpl() throws InitializationException {
-        this(DEFAULT_TCP_HTTP_LISTEN_PORT);
+        this(DEFAULT_TCP_HTTP_LISTEN_PORT, Constants.UPNP_MULTICAST_PORT);
     }
 
-    public NetworkAddressFactoryImpl(int streamListenPort) throws InitializationException {
+    public NetworkAddressFactoryImpl(int streamListenPort, int multicastPort) throws InitializationException {
 
     	System.setProperty("java.net.preferIPv4Stack", "true");
 
@@ -100,8 +87,11 @@ public NetworkAddressFactoryImpl(int streamListenPort) throws InitializationExce
         }
 
         this.streamListenPort = streamListenPort;
+        this.multicastPort=multicastPort;
     }
 
+
+
     /**
      * @return <code>true</code> (the default) if a <code>MissingNetworkInterfaceException</code> should be thrown
      */
@@ -134,7 +124,7 @@ public InetAddress getMulticastGroup() {
     }
 
     public int getMulticastPort() {
-        return Constants.UPNP_MULTICAST_PORT;
+        return multicastPort;
     }
 
     public int getStreamListenPort() {
@@ -213,8 +203,9 @@ public Short getAddressNetworkPrefixLength(InetAddress inetAddress) {
 
     public InetAddress getLocalAddress(NetworkInterface networkInterface, boolean isIPv6, InetAddress remoteAddress) {
 
+        return getBindAddressInSubnetOf(remoteAddress);
         // First try to find a local IP that is in the same subnet as the remote IP
-        InetAddress localIPInSubnet = getBindAddressInSubnetOf(remoteAddress);
+        /*InetAddress localIPInSubnet = getBindAddressInSubnetOf(remoteAddress);
         if (localIPInSubnet != null) return localIPInSubnet;
 
         // There are two reasons why we end up here:
@@ -233,7 +224,7 @@ public InetAddress getLocalAddress(NetworkInterface networkInterface, boolean is
             if (!isIPv6 && interfaceAddress instanceof Inet4Address)
                 return interfaceAddress;
         }
-        throw new IllegalStateException("Can't find any IPv4 or IPv6 address on interface: " + networkInterface.getDisplayName());
+        throw new IllegalStateException("Can't find any IPv4 or IPv6 address on interface: " + networkInterface.getDisplayName());*/
     }
 
     protected List<InterfaceAddress> getInterfaceAddresses(NetworkInterface networkInterface) {