WPS: Move POST URL validation into web_connection_parse_post()

This is more logical location for checking the URL and potentially
handling a call to another URL handler. In addition, return 404 error,
not invalid UPnP action, if the URL does not match.
This commit is contained in:
Jouni Malinen 2009-12-12 16:48:50 +02:00
parent ed74dcd512
commit 6a029035f5
2 changed files with 12 additions and 9 deletions

View file

@ -16,6 +16,7 @@ enum http_reply_code {
HTTP_BAD_REQUEST = 400, HTTP_BAD_REQUEST = 400,
UPNP_INVALID_ACTION = 401, UPNP_INVALID_ACTION = 401,
UPNP_INVALID_ARGS = 402, UPNP_INVALID_ARGS = 402,
HTTP_NOT_FOUND = 404,
HTTP_PRECONDITION_FAILED = 412, HTTP_PRECONDITION_FAILED = 412,
HTTP_INTERNAL_SERVER_ERROR = 500, HTTP_INTERNAL_SERVER_ERROR = 500,
HTTP_UNIMPLEMENTED = 501, HTTP_UNIMPLEMENTED = 501,

View file

@ -687,7 +687,7 @@ static void web_connection_send_reply(struct http_request *req,
static const char * web_get_action(struct http_request *req, static const char * web_get_action(struct http_request *req,
const char *filename, size_t *action_len) size_t *action_len)
{ {
const char *match; const char *match;
int match_len; int match_len;
@ -695,11 +695,6 @@ static const char * web_get_action(struct http_request *req,
char *action; char *action;
*action_len = 0; *action_len = 0;
if (os_strcasecmp(filename, UPNP_WPS_DEVICE_CONTROL_FILE)) {
wpa_printf(MSG_INFO, "WPS UPnP: Invalid POST filename %s",
filename);
return NULL;
}
/* The SOAPAction line of the header tells us what we want to do */ /* The SOAPAction line of the header tells us what we want to do */
b = http_request_get_hdr_line(req, "SOAPAction:"); b = http_request_get_hdr_line(req, "SOAPAction:");
if (b == NULL) if (b == NULL)
@ -754,13 +749,20 @@ static void web_connection_parse_post(struct upnp_wps_device_sm *sm,
{ {
enum http_reply_code ret; enum http_reply_code ret;
char *data = http_request_get_data(req); /* body of http msg */ char *data = http_request_get_data(req); /* body of http msg */
const char *action; const char *action = NULL;
size_t action_len; size_t action_len = 0;
const char *replyname = NULL; /* argument name for the reply */ const char *replyname = NULL; /* argument name for the reply */
struct wpabuf *reply = NULL; /* data for the reply */ struct wpabuf *reply = NULL; /* data for the reply */
if (os_strcasecmp(filename, UPNP_WPS_DEVICE_CONTROL_FILE)) {
wpa_printf(MSG_INFO, "WPS UPnP: Invalid POST filename %s",
filename);
ret = HTTP_NOT_FOUND;
goto bad;
}
ret = UPNP_INVALID_ACTION; ret = UPNP_INVALID_ACTION;
action = web_get_action(req, filename, &action_len); action = web_get_action(req, &action_len);
if (action == NULL) if (action == NULL)
goto bad; goto bad;