* Copyright (c) 2000-2003 Intel Corporation
* Copyright (c) 2006-2007 Sony Corporation
* Copyright (c) 2008-2009 Atheros Communications
- * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2009-2010, Jouni Malinen <j@w1.fi>
*
* See below for more details on licensing and code history.
*/
#define MAX_SUBSCRIPTIONS 4 /* how many subscribing clients we handle */
#define MAX_ADDR_PER_SUBSCRIPTION 8
+/* Maximum number of Probe Request events per second */
+#define MAX_EVENTS_PER_SEC 5
/* Write the current date/time per RFC */
void format_date(struct wpabuf *buf)
/* subscr_addr_delete -- delete single unlinked subscriber address
* (be sure to unlink first if need be)
*/
-static void subscr_addr_delete(struct subscr_addr *a)
+void subscr_addr_delete(struct subscr_addr *a)
{
/*
* Note: do NOT free domain_and_port or path because they point to
/* subscr_addr_add_url -- add address(es) for one url to subscription */
-static void subscr_addr_add_url(struct subscription *s, const char *url)
+static void subscr_addr_add_url(struct subscription *s, const char *url,
+ size_t url_len)
{
int alloc_len;
char *scratch_mem = NULL;
struct addrinfo *result = NULL;
struct addrinfo *rp;
int rerr;
- struct subscr_addr *a = NULL;
/* url MUST begin with http: */
- if (os_strncasecmp(url, "http://", 7))
+ if (url_len < 7 || os_strncasecmp(url, "http://", 7))
goto fail;
url += 7;
+ url_len -= 7;
/* allocate memory for the extra stuff we need */
- alloc_len = (2 * (os_strlen(url) + 1));
+ alloc_len = 2 * (url_len + 1);
scratch_mem = os_zalloc(alloc_len);
if (scratch_mem == NULL)
goto fail;
mem = scratch_mem;
- strcpy(mem, url);
+ os_strncpy(mem, url, url_len);
+ wpa_printf(MSG_DEBUG, "WPS UPnP: Adding URL '%s'", mem);
domain_and_port = mem;
mem += 1 + os_strlen(mem);
delim = os_strchr(domain_and_port, '/');
}
domain = mem;
strcpy(domain, domain_and_port);
- delim = strchr(domain, ':');
+ delim = os_strchr(domain, ':');
if (delim) {
*delim++ = 0; /* null terminate domain */
if (isdigit(*delim))
goto fail;
}
for (rp = result; rp; rp = rp->ai_next) {
+ struct subscr_addr *a;
+
/* Limit no. of address to avoid denial of service attack */
if (dl_list_len(&s->addr_list) >= MAX_ADDR_PER_SUBSCRIPTION) {
wpa_printf(MSG_INFO, "WPS UPnP: subscr_addr_add_url: "
if (path[0] != '/')
*mem++ = '/';
strcpy(mem, path);
- mem += 1 + strlen(mem);
+ mem += 1 + os_strlen(mem);
os_memcpy(&a->saddr, rp->ai_addr, sizeof(a->saddr));
a->saddr.sin_port = htons(port);
dl_list_add(&s->addr_list, &a->list);
- a = NULL; /* don't free it below */
}
fail:
if (result)
freeaddrinfo(result);
os_free(scratch_mem);
- os_free(a);
}
static void subscr_addr_list_create(struct subscription *s,
const char *url_list)
{
- char *end;
+ const char *end;
+ wpa_printf(MSG_DEBUG, "WPS UPnP: Parsing URL list '%s'", url_list);
for (;;) {
while (*url_list == ' ' || *url_list == '\t')
url_list++;
end = os_strchr(url_list, '>');
if (end == NULL)
break;
- *end++ = 0;
- subscr_addr_add_url(s, url_list);
- url_list = end;
+ subscr_addr_add_url(s, url_list, end - url_list);
+ url_list = end + 1;
}
}
"<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"
"<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">\n";
const char *format_tail = "</e:propertyset>\n";
+ struct os_time now;
if (dl_list_empty(&sm->subscriptions)) {
/* optimize */
return;
}
+ if (os_get_time(&now) == 0) {
+ if (now.sec != sm->last_event_sec) {
+ sm->last_event_sec = now.sec;
+ sm->num_events_in_sec = 1;
+ } else {
+ sm->num_events_in_sec++;
+ /*
+ * In theory, this should apply to all WLANEvent
+ * notifications, but EAP messages are of much higher
+ * priority and Probe Request notifications should not
+ * be allowed to drop EAP messages, so only throttle
+ * Probe Request notifications.
+ */
+ if (sm->num_events_in_sec > MAX_EVENTS_PER_SEC &&
+ sm->wlanevent_type ==
+ UPNP_WPS_WLANEVENT_TYPE_PROBE) {
+ wpa_printf(MSG_DEBUG, "WPS UPnP: Throttle "
+ "event notifications (%u seen "
+ "during one second)",
+ sm->num_events_in_sec);
+ return;
+ }
+ }
+ }
+
/* Determine buffer size needed first */
buf_size += os_strlen(format_head);
buf_size += 50 + 2 * os_strlen("WLANEvent");
dl_list_for_each_safe(s, tmp, &sm->subscriptions, struct subscription,
list) {
- if (event_add(s, buf)) {
+ if (event_add(s, buf, sm->wlanevent_type ==
+ UPNP_WPS_WLANEVENT_TYPE_PROBE) == 1) {
wpa_printf(MSG_INFO, "WPS UPnP: Dropping "
- "subscriber due to event backlog");
+ "subscriber %p due to event backlog", s);
dl_list_del(&s->list);
subscription_destroy(s);
}
wpabuf_put_be16(msg, ATTR_REGISTRAR_NONCE);
wpabuf_put_be16(msg, WPS_NONCE_LEN);
wpabuf_put(msg, WPS_NONCE_LEN);
- wps_build_version2(msg);
+ wps_build_wfa_ext(msg, 0, NULL, 0);
return msg;
}
"<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">\n";
const char *tail = "</e:propertyset>\n";
char txt[10];
+ int ret;
if (s->sm->wlanevent == NULL) {
/*
}
buf = wpabuf_alloc(500 + os_strlen(wlan_event));
if (buf == NULL)
- return 1;
+ return -1;
wpabuf_put_str(buf, head);
wpabuf_put_property(buf, "STAStatus", "1");
wpabuf_put_property(buf, "WLANEvent", wlan_event);
wpabuf_put_str(buf, tail);
- if (event_add(s, buf)) {
+ ret = event_add(s, buf, 0);
+ if (ret) {
wpabuf_free(buf);
- return 1;
+ return ret;
}
wpabuf_free(buf);
s->timeout_time = expire;
uuid_make(s->uuid);
subscr_addr_list_create(s, callback_urls);
+ if (dl_list_empty(&s->addr_list)) {
+ wpa_printf(MSG_DEBUG, "WPS UPnP: No valid callback URLs in "
+ "'%s' - drop subscription", callback_urls);
+ subscription_destroy(s);
+ return NULL;
+ }
+
/* Add to end of list, since it has the highest expiration time */
dl_list_add_tail(&sm->subscriptions, &s->list);
/* Queue up immediate event message (our last event)
os_free(sm->wlanevent);
sm->wlanevent = val;
+ sm->wlanevent_type = ev_type;
upnp_wps_device_send_event(sm);
ret = 0;
projects / libeap.git / blobdiff