Fix DDOS and SSRF issue : 4thline/cling#253

src/main/java/com/distrimind/upnp_igd/transport/Common.java

@@ -0,0 +1,125 @@
+package com.distrimind.upnp_igd.transport;
+/*
+Copyright or © or Copr. Jason Mahdjoub (01/04/2013)
+
+[email protected]
+
+This software (Object Oriented Database (OOD)) is a computer program 
+whose purpose is to manage a local database with the object paradigm 
+and the java language 
+
+This software is governed by the CeCILL-C license under French law and
+abiding by the rules of distribution of free software.  You can  use, 
+modify and/ or redistribute the software under the terms of the CeCILL-C
+license as circulated by CEA, CNRS and INRIA at the following URL
+"http://www.cecill.info". 
+
+As a counterpart to the access to the source code and  rights to copy,
+modify and redistribute granted by the license, users are provided only
+with a limited warranty  and the software's author,  the holder of the
+economic rights,  and the successive licensors  have only  limited
+liability. 
+
+In this respect, the user's attention is drawn to the risks associated
+with loading,  using,  modifying and/or developing or reproducing the
+software by the user in light of its specific status of free software,
+that may mean  that it is complicated to manipulate,  and  that  also
+therefore means  that it is reserved for developers  and  experienced
+professionals having in-depth computer knowledge. Users are therefore
+encouraged to load and test the software's suitability as regards their
+requirements in conditions enabling the security of their systems and/or 
+data to be ensured and,  more generally, to use and operate it in the 
+same conditions as regards security. 
+
+The fact that you are presently reading this means that you have had
+knowledge of the CeCILL-C license and that you accept its terms.
+ */
+
+import com.distrimind.upnp_igd.model.message.IncomingDatagramMessage;
+import com.distrimind.upnp_igd.model.message.header.CallbackHeader;
+import com.distrimind.upnp_igd.model.message.header.HostHeader;
+import com.distrimind.upnp_igd.model.message.header.LocationHeader;
+import com.distrimind.upnp_igd.model.message.header.UpnpHeader;
+import com.distrimind.upnp_igd.transport.spi.NetworkAddressFactory;
+
+import java.net.Inet6Address;
+import java.net.InetAddress;
+import java.net.URL;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * @author Jason Mahdjoub
+ * @version 1.0
+ * @since MaDKitLanEdition 1.0.0
+ */
+public class Common {
+	private static final Set<UpnpHeader.Type> allowedUpnpHeaders=new HashSet<>(Arrays.asList(UpnpHeader.Type.EXT, UpnpHeader.Type.ST, UpnpHeader.Type.SERVER, UpnpHeader.Type.USN, UpnpHeader.Type.LOCATION, UpnpHeader.Type.MAX_AGE));
+	static boolean isNotValidRemoteAddress(URL u, NetworkAddressFactory networkAddressFactory)
+	{
+		if (u==null)
+			return false;
+		return isNotValidRemoteAddress(u.getHost(), networkAddressFactory);
+	}
+	public static boolean isNotValidRemoteAddress(String host, NetworkAddressFactory networkAddressFactory)
+	{
+		try {
+			InetAddress ia = InetAddress.getByName(host);
+			ia = networkAddressFactory.getLocalAddress(
+					null,
+					ia instanceof Inet6Address,
+					ia
+			);
+			if (ia == null)
+				return true;
+		} catch (Exception ignored) {
+			return true;
+		}
+		return false;
+	}
+	public static IncomingDatagramMessage<?> getValidIncomingDatagramMessage(IncomingDatagramMessage<?> idm, NetworkAddressFactory networkAddressFactory)
+	{
+		for (UpnpHeader.Type t : UpnpHeader.Type.values()) {
+			if (allowedUpnpHeaders.contains(t))
+				continue;
+			if (idm.getHeaders().containsKey(t))
+				return null;
+		}
+		@SuppressWarnings("rawtypes") List<UpnpHeader> luh=idm.getHeaders().get(UpnpHeader.Type.CALLBACK);
+
+		if (luh!=null) {
+			for (UpnpHeader<?> uh : luh) {
+				if (CallbackHeader.class.isAssignableFrom(uh.getClass())) {
+					CallbackHeader ch = (CallbackHeader) uh;
+					for (URL u : ch.getValue()) {
+						if (isNotValidRemoteAddress(u, networkAddressFactory))
+							return null;
+					}
+				}
+			}
+		}
+		luh=idm.getHeaders().get(UpnpHeader.Type.HOST);
+		if (luh!=null) {
+			for (UpnpHeader<?> uh : luh) {
+				if (HostHeader.class.isAssignableFrom(uh.getClass())) {
+					HostHeader hh = (HostHeader) uh;
+					if (isNotValidRemoteAddress(hh.getValue().getHost(), networkAddressFactory))
+						return null;
+				}
+			}
+		}
+		luh=idm.getHeaders().get(UpnpHeader.Type.LOCATION);
+		if (luh!=null) {
+			for (UpnpHeader<?> uh : luh) {
+				if (LocationHeader.class.isAssignableFrom(uh.getClass())) {
+					LocationHeader hh = (LocationHeader) uh;
+					if (isNotValidRemoteAddress(hh.getValue().getHost(), networkAddressFactory))
+						return null;
+				}
+			}
+		}
+		return idm;
+	}
+}

src/main/java/com/distrimind/upnp_igd/transport/RouterImpl.java

@@ -65,7 +65,7 @@
 @ApplicationScoped
 public class RouterImpl implements Router {
 
-    private static Logger log = Logger.getLogger(Router.class.getName());
+    private static final Logger log = Logger.getLogger(Router.class.getName());
 
     protected UpnpServiceConfiguration configuration;
     protected ProtocolFactory protocolFactory;
@@ -456,7 +456,7 @@ protected void startAddressBasedTransports(Iterator<InetAddress> addresses) thro
                 try {
                     if (log.isLoggable(Level.FINE))
                         log.fine("Init datagram I/O on address: " + address);
-                    datagramIO.init(address, this, getConfiguration().getDatagramProcessor());
+                    datagramIO.init(networkAddressFactory, address, this, getConfiguration().getDatagramProcessor());
                     datagramIOs.put(address, datagramIO);
                 } catch (InitializationException ex) {
                     /* TODO: What are some recoverable exceptions for this?

src/main/java/com/distrimind/upnp_igd/transport/impl/DatagramIOImpl.java

@@ -15,18 +15,17 @@
 
 package com.distrimind.upnp_igd.transport.impl;
 
+import com.distrimind.upnp_igd.model.message.IncomingDatagramMessage;
+import com.distrimind.upnp_igd.transport.Common;
 import com.distrimind.upnp_igd.transport.Router;
 import com.distrimind.upnp_igd.model.message.OutgoingDatagramMessage;
 import com.distrimind.upnp_igd.transport.spi.DatagramIO;
 import com.distrimind.upnp_igd.transport.spi.DatagramProcessor;
 import com.distrimind.upnp_igd.transport.spi.InitializationException;
 import com.distrimind.upnp_igd.model.UnsupportedDataException;
+import com.distrimind.upnp_igd.transport.spi.NetworkAddressFactory;
 
-import java.net.DatagramPacket;
-import java.net.InetAddress;
-import java.net.InetSocketAddress;
-import java.net.MulticastSocket;
-import java.net.SocketException;
+import java.net.*;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -44,7 +43,7 @@
  */
 public class DatagramIOImpl implements DatagramIO<DatagramIOConfigurationImpl> {
 
-    private static Logger log = Logger.getLogger(DatagramIO.class.getName());
+    private static final Logger log = Logger.getLogger(DatagramIO.class.getName());
 
     /* Implementation notes for unicast/multicast UDP:
 
@@ -59,7 +58,7 @@ public class DatagramIOImpl implements DatagramIO<DatagramIOConfigurationImpl> {
 
     protected Router router;
     protected DatagramProcessor datagramProcessor;
-
+    protected NetworkAddressFactory networkAddressFactory;
     protected InetSocketAddress localAddress;
     protected MulticastSocket socket; // For sending unicast & multicast, and reveiving unicast
 
@@ -71,9 +70,10 @@ public DatagramIOConfigurationImpl getConfiguration() {
         return configuration;
     }
 
-    synchronized public void init(InetAddress bindAddress, Router router, DatagramProcessor datagramProcessor) throws InitializationException {
+    synchronized public void init(NetworkAddressFactory networkAddressFactory, InetAddress bindAddress, Router router, DatagramProcessor datagramProcessor) throws InitializationException {
 
         this.router = router;
+        this.networkAddressFactory = networkAddressFactory;
         this.datagramProcessor = datagramProcessor;
 
         try {
@@ -107,7 +107,14 @@ public void run() {
                 DatagramPacket datagram = new DatagramPacket(buf, buf.length);
 
                 socket.receive(datagram);
-
+                InetAddress receivedOnLocalAddress =
+                        networkAddressFactory.getLocalAddress(
+                                null,
+                                datagram.getAddress() instanceof Inet6Address,
+                                datagram.getAddress()
+                        );
+                if (receivedOnLocalAddress==null)
+                    continue;
                 log.fine(
                         "UDP datagram received from: "
                                 + datagram.getAddress().getHostAddress()
@@ -116,7 +123,10 @@ public void run() {
                 );
 
 
-                router.received(datagramProcessor.read(localAddress.getAddress(), datagram));
+                IncomingDatagramMessage<?> idm= Common.getValidIncomingDatagramMessage(datagramProcessor.read(localAddress.getAddress(), datagram), networkAddressFactory);
+                if (idm==null)
+                    continue;
+                router.received(idm);
 
             } catch (SocketException ex) {
                 log.fine("Socket closed");

src/main/java/com/distrimind/upnp_igd/transport/impl/MulticastReceiverImpl.java

@@ -15,6 +15,8 @@
 
 package com.distrimind.upnp_igd.transport.impl;
 
+import com.distrimind.upnp_igd.model.message.IncomingDatagramMessage;
+import com.distrimind.upnp_igd.transport.Common;
 import com.distrimind.upnp_igd.transport.Router;
 import com.distrimind.upnp_igd.transport.spi.DatagramProcessor;
 import com.distrimind.upnp_igd.transport.spi.InitializationException;
@@ -119,15 +121,19 @@ public void run() {
                             multicastAddress.getAddress() instanceof Inet6Address,
                             datagram.getAddress()
                         );
-
+                if (receivedOnLocalAddress==null)
+                    continue;
                 log.fine(
                         "UDP datagram received from: " + datagram.getAddress().getHostAddress() 
                                 + ":" + datagram.getPort()
                                 + " on local interface: " + multicastInterface.getDisplayName()
                                 + " and address: " + receivedOnLocalAddress.getHostAddress()
                 );
 
-                router.received(datagramProcessor.read(receivedOnLocalAddress, datagram));
+                IncomingDatagramMessage<?> idm=Common.getValidIncomingDatagramMessage(datagramProcessor.read(receivedOnLocalAddress, datagram),networkAddressFactory);
+                if (idm==null)
+                    continue;
+                router.received(idm);
 
             } catch (SocketException ex) {
                 log.fine("Socket closed");

src/main/java/com/distrimind/upnp_igd/transport/spi/DatagramIO.java

@@ -59,7 +59,7 @@ public interface DatagramIO<C extends DatagramIOConfiguration> extends Runnable
      * @param datagramProcessor Reads and writes datagrams.
      * @throws InitializationException If the service could not be initialized or started.
      */
-    public void init(InetAddress bindAddress, Router router, DatagramProcessor datagramProcessor) throws InitializationException;
+    public void init(NetworkAddressFactory networkAddressFactory, InetAddress bindAddress, Router router, DatagramProcessor datagramProcessor) throws InitializationException;
 
     /**
      * Stops the service, closes any listening sockets.