diff options
| author | Jens Georg <mail@jensge.org> | 2020-07-29 22:34:40 +0200 |
|---|---|---|
| committer | Jens Georg <mail@jensge.org> | 2020-07-29 22:35:51 +0200 |
| commit | d7d1cb082fd69565c76dc7e5eaeb9a08832ebf6b (patch) | |
| tree | d97f832756c64a47bcb643021eead7cc180a4dcf | |
| parent | 677b51a875dc08299b14f0ed532dfdec8be395e0 (diff) | |
| download | gupnp-d7d1cb082fd69565c76dc7e5eaeb9a08832ebf6b.tar.gz | |
service: Fix check of callback for v6 link-local
| -rw-r--r-- | libgupnp/gupnp-service.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/libgupnp/gupnp-service.c b/libgupnp/gupnp-service.c index a6e7532..b061c34 100644 --- a/libgupnp/gupnp-service.c +++ b/libgupnp/gupnp-service.c @@ -1193,7 +1193,8 @@ add_subscription_callback (GUPnPContext *context, const char *callback) { SoupURI *local_uri = NULL; - const char *host = NULL; + char *host = NULL; + char *index = NULL; local_uri = gupnp_context_rewrite_uri_to_uri (context, callback); if (local_uri == NULL) { @@ -1201,14 +1202,20 @@ add_subscription_callback (GUPnPContext *context, } - host = soup_uri_get_host (local_uri); + host = g_strdup (soup_uri_get_host (local_uri)); + index = g_strrstr(host, "%"); + // Cut off network index + if (index != NULL) { + *index = '\0'; + } // CVE-2020-12695: Ignore subscription call-backs that are not "in // our network segment" if (gupnp_context_ip_is_ours (context, host)) { - return g_list_append (list, local_uri); + list = g_list_append (list, local_uri); } else { g_warning ("%s is not in our network; ignoring", callback); } + g_free (host); return list; } |