4040import com .distrimind .madkit .agr .LocalCommunity ;
4141import com .distrimind .madkit .kernel .*;
4242import com .distrimind .madkit .message .KernelMessage ;
43- import com .distrimind .util .OS ;
44- import com .distrimind .util .OSVersion ;
45- import com .distrimind .util .properties .DocumentBuilderFactoryWithNonDTD ;
46- import com .sun .net .httpserver .HttpExchange ;
47- import com .sun .net .httpserver .HttpHandler ;
48- import com .sun .net .httpserver .HttpServer ;
4943import com .distrimind .upnp_igd .UpnpService ;
5044import com .distrimind .upnp_igd .UpnpServiceImpl ;
51- import com .distrimind .upnp_igd .binding .xml .*;
45+ import com .distrimind .upnp_igd .binding .xml .DescriptorBindingException ;
46+ import com .distrimind .upnp_igd .binding .xml .DeviceDescriptorBinder ;
47+ import com .distrimind .upnp_igd .binding .xml .ServiceDescriptorBinder ;
5248import com .distrimind .upnp_igd .controlpoint .ControlPoint ;
5349import com .distrimind .upnp_igd .controlpoint .ControlPointImpl ;
5450import com .distrimind .upnp_igd .model .Namespace ;
55- import com .distrimind .upnp_igd .model .UnsupportedDataException ;
5651import com .distrimind .upnp_igd .model .ValidationException ;
5752import com .distrimind .upnp_igd .model .action .ActionInvocation ;
58- import com .distrimind .upnp_igd .model .message .Connection ;
59- import com .distrimind .upnp_igd .model .message .*;
60- import com .distrimind .upnp_igd .model .message .control .ActionRequestMessage ;
61- import com .distrimind .upnp_igd .model .message .control .ActionResponseMessage ;
62- import com .distrimind .upnp_igd .model .message .gena .OutgoingEventRequestMessage ;
63- import com .distrimind .upnp_igd .model .message .header .CallbackHeader ;
64- import com .distrimind .upnp_igd .model .message .header .HostHeader ;
65- import com .distrimind .upnp_igd .model .message .header .LocationHeader ;
66- import com .distrimind .upnp_igd .model .message .header .UpnpHeader ;
67- import com .distrimind .upnp_igd .model .meta .*;
68- import com .distrimind .upnp_igd .model .profile .RemoteClientInfo ;
53+ import com .distrimind .upnp_igd .model .message .IncomingDatagramMessage ;
54+ import com .distrimind .upnp_igd .model .message .UpnpHeaders ;
55+ import com .distrimind .upnp_igd .model .message .UpnpRequest ;
56+ import com .distrimind .upnp_igd .model .message .UpnpResponse ;
57+ import com .distrimind .upnp_igd .model .meta .RemoteDevice ;
58+ import com .distrimind .upnp_igd .model .meta .RemoteDeviceIdentity ;
59+ import com .distrimind .upnp_igd .model .meta .RemoteService ;
6960import com .distrimind .upnp_igd .model .types .*;
7061import com .distrimind .upnp_igd .protocol .ProtocolFactory ;
7162import com .distrimind .upnp_igd .protocol .ProtocolFactoryImpl ;
8576import com .distrimind .upnp_igd .support .model .PortMapping ;
8677import com .distrimind .upnp_igd .support .model .PortMapping .Protocol ;
8778import com .distrimind .upnp_igd .transport .RouterException ;
88- import com .distrimind .upnp_igd .transport .impl .* ;
79+ import com .distrimind .upnp_igd .transport .impl .NetworkAddressFactoryImpl ;
8980import com .distrimind .upnp_igd .transport .spi .*;
90- import org .w3c .dom .Document ;
91- import org .w3c .dom .Element ;
92- import org .xml .sax .InputSource ;
93-
94- import javax .xml .parsers .DocumentBuilder ;
95- import javax .xml .parsers .DocumentBuilderFactory ;
96- import javax .xml .parsers .FactoryConfigurationError ;
97- import java .io .IOException ;
98- import java .io .StringReader ;
99- import java .lang .reflect .Method ;
81+ import com .distrimind .util .OS ;
82+ import com .distrimind .util .OSVersion ;
83+
10084import java .net .*;
101- import java .security .AccessController ;
102- import java .security .PrivilegedAction ;
10385import java .util .*;
10486import java .util .concurrent .*;
10587import java .util .concurrent .atomic .AtomicBoolean ;
@@ -166,10 +148,7 @@ class UpnpIGDAgent extends AgentFakeThread {
166148
167149
168150
169- static DocumentBuilderFactory newDocumentBuilderFactoryWithNonDTDInstance ()
170- {
171- return DocumentBuilderFactoryWithNonDTD .newDocumentBuilderFactoryWithNonDTDInstance ();
172- }
151+
173152 /*
174153 * Fix DDOS and SSRF issue : https://github.com/4thline/cling/issues/253
175154 */
@@ -212,228 +191,6 @@ static boolean isNotValidRemoteAddress(String host, NetworkAddressFactory networ
212191
213192
214193
215- private static class HttpServerConnection implements Connection {
216-
217- protected HttpExchange exchange ;
218-
219- public HttpServerConnection (HttpExchange exchange ) {
220- this .exchange = exchange ;
221- }
222-
223- @ Override
224- public boolean isOpen () {
225- return true ;
226- }
227-
228- @ Override
229- public InetAddress getRemoteAddress () {
230- return exchange .getRemoteAddress () != null
231- ? exchange .getRemoteAddress ().getAddress ()
232- : null ;
233- }
234-
235- @ Override
236- public InetAddress getLocalAddress () {
237- return exchange .getLocalAddress () != null
238- ? exchange .getLocalAddress ().getAddress ()
239- : null ;
240- }
241- }
242-
243-
244- /*
245- * FIX XXE issue : https://github.com/4thline/cling/issues/243
246- */
247- static GENAEventProcessor createGENAEventProcessor () {
248- return new GENAEventProcessorImpl (){
249- @ Override
250- protected DocumentBuilderFactory createDocumentBuilderFactory () throws FactoryConfigurationError {
251- return UpnpIGDAgent .newDocumentBuilderFactoryWithNonDTDInstance ();
252- }
253- @ Override
254- public void writeBody (OutgoingEventRequestMessage requestMessage ) throws UnsupportedDataException {
255-
256- try {
257-
258- DocumentBuilderFactory factory = createDocumentBuilderFactory ();
259- factory .setNamespaceAware (true );
260- Document d = factory .newDocumentBuilder ().newDocument ();
261- Element propertysetElement = writePropertysetElement (d );
262-
263- writeProperties (d , propertysetElement , requestMessage );
264-
265- requestMessage .setBody (UpnpMessage .BodyType .STRING , toString (d ));
266-
267- } catch (Exception ex ) {
268- throw new UnsupportedDataException ("Can't transform message payload: " + ex .getMessage (), ex );
269- }
270- }
271-
272- };
273- }
274- /*
275- * FIX XXE issue : https://github.com/4thline/cling/issues/243
276- */
277- static SOAPActionProcessor createSOAPActionProcessor () {
278- return new SOAPActionProcessorImpl ()
279- {
280- @ Override
281- protected DocumentBuilderFactory createDocumentBuilderFactory () throws FactoryConfigurationError {
282- return UpnpIGDAgent .newDocumentBuilderFactoryWithNonDTDInstance ();
283- }
284- @ Override
285- public void writeBody (ActionRequestMessage requestMessage , ActionInvocation actionInvocation ) throws UnsupportedDataException {
286-
287- try {
288-
289- DocumentBuilderFactory factory = createDocumentBuilderFactory ();
290- factory .setNamespaceAware (true );
291- Document d = factory .newDocumentBuilder ().newDocument ();
292- Element body = writeBodyElement (d );
293-
294- writeBodyRequest (d , body , requestMessage , actionInvocation );
295-
296-
297- } catch (Exception ex ) {
298- throw new UnsupportedDataException ("Can't transform message payload: " + ex , ex );
299- }
300- }
301- @ Override
302- public void writeBody (ActionResponseMessage responseMessage , ActionInvocation actionInvocation ) throws UnsupportedDataException {
303-
304- try {
305-
306- DocumentBuilderFactory factory = createDocumentBuilderFactory ();
307- factory .setNamespaceAware (true );
308- Document d = factory .newDocumentBuilder ().newDocument ();
309- Element body = writeBodyElement (d );
310-
311- if (actionInvocation .getFailure () != null ) {
312- writeBodyFailure (d , body , responseMessage , actionInvocation );
313- } else {
314- writeBodyResponse (d , body , responseMessage , actionInvocation );
315- }
316-
317- } catch (Exception ex ) {
318- throw new UnsupportedDataException ("Can't transform message payload: " + ex , ex );
319- }
320- }
321- };
322- }
323- /*
324- * FIX XXE issue : https://github.com/4thline/cling/issues/243
325- */
326- static DeviceDescriptorBinder createDeviceDescriptorBinderUDA10 (NetworkAddressFactory networkAddressFactory ) {
327- //noinspection rawtypes
328- return new UDA10DeviceDescriptorBinderImpl ()
329- {
330- @ Override
331- public <D extends Device > D describe (D undescribedDevice , String descriptorXml ) throws DescriptorBindingException , ValidationException {
332-
333- if (descriptorXml == null || descriptorXml .length () == 0 ) {
334- throw new DescriptorBindingException ("Null or empty descriptor" );
335- }
336-
337- try {
338- DocumentBuilderFactory factory = newDocumentBuilderFactoryWithNonDTDInstance ();
339- factory .setNamespaceAware (true );
340- DocumentBuilder documentBuilder = factory .newDocumentBuilder ();
341- documentBuilder .setErrorHandler (this );
342-
343- Document d = documentBuilder .parse (
344- new InputSource (
345- new StringReader (descriptorXml .trim ())
346- )
347- );
348-
349- D res =describe (undescribedDevice , d );
350- if (res .getDetails ()!=null && isNotValidRemoteAddress (res .getDetails ().getBaseURL (), networkAddressFactory ))
351- return null ;
352-
353- return res ;
354- } catch (ValidationException ex ) {
355- throw ex ;
356- } catch (Exception ex ) {
357- throw new DescriptorBindingException ("Could not parse device descriptor: " + ex , ex );
358- }
359- }
360- @ Override
361- public Document buildDOM (Device deviceModel , RemoteClientInfo info , Namespace namespace ) throws DescriptorBindingException {
362-
363- try {
364- DocumentBuilderFactory factory = newDocumentBuilderFactoryWithNonDTDInstance ();
365- factory .setNamespaceAware (true );
366-
367- Document d = factory .newDocumentBuilder ().newDocument ();
368- generateRoot (namespace , deviceModel , d , info );
369-
370- return d ;
371-
372- } catch (Exception ex ) {
373- throw new DescriptorBindingException ("Could not generate device descriptor: " + ex .getMessage (), ex );
374- }
375- }
376- };
377- }
378-
379- /*
380- * FIX XXE issue : https://github.com/4thline/cling/issues/243
381- */
382- static ServiceDescriptorBinder createServiceDescriptorBinderUDA10 (NetworkAddressFactory networkAddressFactory ) {
383- //noinspection rawtypes
384- return new UDA10ServiceDescriptorBinderImpl (){
385- @ Override
386- public <S extends Service > S describe (S undescribedService , String descriptorXml ) throws DescriptorBindingException , ValidationException {
387- if (descriptorXml == null || descriptorXml .length () == 0 ) {
388- throw new DescriptorBindingException ("Null or empty descriptor" );
389- }
390-
391- try {
392- DocumentBuilderFactory factory = newDocumentBuilderFactoryWithNonDTDInstance ();
393- factory .setNamespaceAware (true );
394- DocumentBuilder documentBuilder = factory .newDocumentBuilder ();
395- documentBuilder .setErrorHandler (this );
396-
397- Document d = documentBuilder .parse (
398- new InputSource (
399- new StringReader (descriptorXml .trim ())
400- )
401- );
402-
403- S res = describe (undescribedService , d );
404- if (res .getDevice ()!=null && res .getDevice ().getDetails ()!=null && isNotValidRemoteAddress (res .getDevice ().getDetails ().getBaseURL (), networkAddressFactory ))
405- return null ;
406- return res ;
407-
408- } catch (ValidationException ex ) {
409- throw ex ;
410- } catch (Exception ex ) {
411- throw new DescriptorBindingException ("Could not parse service descriptor: " + ex , ex );
412- }
413- }
414- @ Override
415- public Document buildDOM (Service service ) throws DescriptorBindingException {
416-
417- try {
418- DocumentBuilderFactory factory = newDocumentBuilderFactoryWithNonDTDInstance ();
419- factory .setNamespaceAware (true );
420-
421- Document d = factory .newDocumentBuilder ().newDocument ();
422- Method m =UDA10ServiceDescriptorBinderImpl .class .getDeclaredMethod ("generateScpd" , Service .class , Document .class );
423- AccessController .doPrivileged ((PrivilegedAction <Object >) () -> {
424- m .setAccessible (true );
425- return null ;
426- });
427-
428- return d ;
429-
430- } catch (Exception ex ) {
431- throw new DescriptorBindingException ("Could not generate service descriptor: " + ex .getMessage (), ex );
432- }
433- }
434- };
435-
436- }
437194
438195 protected void addRouter (InetAddress ia , Router router ) {
439196 if (ia == null )
@@ -2078,36 +1835,6 @@ protected NetworkAddressFactory createNetworkAddressFactory(int streamListenPort
20781835 return networkAddressFactory =UpnpIGDAgent .createNetworkAddressFactory (streamListenPort , NONAndroidUpnpServiceConfiguration .this .multicastPort );
20791836 }
20801837
2081- /*
2082- * FIX XXE issue : https://github.com/4thline/cling/issues/243
2083- */
2084- @ Override
2085- protected GENAEventProcessor createGENAEventProcessor () {
2086- return UpnpIGDAgent .createGENAEventProcessor ();
2087- }
2088- /*
2089- * FIX XXE issue : https://github.com/4thline/cling/issues/243
2090- */
2091- @ Override
2092- protected SOAPActionProcessor createSOAPActionProcessor () {
2093- return UpnpIGDAgent .createSOAPActionProcessor ();
2094- }
2095-
2096- /*
2097- * FIX XXE issue : https://github.com/4thline/cling/issues/243
2098- */
2099- @ Override
2100- public DeviceDescriptorBinder createDeviceDescriptorBinderUDA10 () {
2101- return UpnpIGDAgent .createDeviceDescriptorBinderUDA10 (networkAddressFactory );
2102- }
2103-
2104- /*
2105- * FIX XXE issue : https://github.com/4thline/cling/issues/243
2106- */
2107- @ Override
2108- public ServiceDescriptorBinder createServiceDescriptorBinderUDA10 () {
2109- return UpnpIGDAgent .createServiceDescriptorBinderUDA10 (networkAddressFactory );
2110- }
21111838
21121839
21131840}
@@ -2129,38 +1856,6 @@ protected ExecutorService createDefaultExecutorService() {
21291856 protected NetworkAddressFactory createNetworkAddressFactory (int streamListenPort ) {
21301857 return networkAddressFactory =UpnpIGDAgent .createNetworkAddressFactory (streamListenPort , AndroidUpnpServiceConfiguration .this .multicastPort );
21311858 }
2132- /*
2133- * FIX XXE issue : https://github.com/4thline/cling/issues/243
2134- */
2135- @ Override
2136- protected GENAEventProcessor createGENAEventProcessor () {
2137- return UpnpIGDAgent .createGENAEventProcessor ();
2138- }
2139- /*
2140- * FIX XXE issue : https://github.com/4thline/cling/issues/243
2141- */
2142- @ Override
2143- protected SOAPActionProcessor createSOAPActionProcessor () {
2144- return UpnpIGDAgent .createSOAPActionProcessor ();
2145- }
2146-
2147- /*
2148- * FIX XXE issue : https://github.com/4thline/cling/issues/243
2149- */
2150- @ Override
2151- public DeviceDescriptorBinder createDeviceDescriptorBinderUDA10 () {
2152-
2153- return UpnpIGDAgent .createDeviceDescriptorBinderUDA10 (networkAddressFactory );
2154- }
2155-
2156- /*
2157- * FIX XXE issue : https://github.com/4thline/cling/issues/243
2158- */
2159- @ Override
2160- public ServiceDescriptorBinder createServiceDescriptorBinderUDA10 () {
2161- return UpnpIGDAgent .createServiceDescriptorBinderUDA10 (networkAddressFactory );
2162- }
2163-
21641859
21651860}
21661861
0 commit comments