From eb562f67ebf0b06deed3a543a4cf66f566c76c1b Mon Sep 17 00:00:00 2001 From: GitHub-MasterX Date: Sun, 29 Mar 2026 09:48:24 +0000 Subject: [PATCH 1/2] feat(ssdp): implement dynamic header extraction with bounds safety --- servers/upnp_pit.c | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/servers/upnp_pit.c b/servers/upnp_pit.c index 0c6a7e2..bd4c843 100644 --- a/servers/upnp_pit.c +++ b/servers/upnp_pit.c @@ -117,6 +117,48 @@ char* ssdpResponse() { return responseBuffer; } +// Logging the headers and their values +void extraction(char *pkt_buffer,char *log_msg){ + char *current_pos=pkt_buffer; + char *nl = strchr(current_pos, '\n'); + if (!nl) return; + current_pos = nl + 1; + + while ((nl = strchr(current_pos, '\n')) != NULL){ + if (*current_pos == '\r' || *current_pos == '\n') break; + if(*current_pos!=' '&& *current_pos != '\t'){ + char *col = strchr(current_pos,':'); + int current_line_len = nl - current_pos; + if (col != NULL && col < nl) { + int key_len = col - current_pos; + char key_name[64] = {0}; + if (key_len > 0 && key_len < sizeof(key_name)) { + strncpy(key_name, current_pos, key_len); + key_name[key_len] = '\0'; + } + + char *val_ptr = col + 1; + while (*val_ptr == ' ') val_ptr++; + + int val_len = 0; + while (val_ptr + val_len < nl && + val_ptr[val_len] != '\r' && + val_ptr[val_len] != '\n') { + val_len++; + } + if (val_len > 0) { + char fragment[512]; + snprintf(fragment, sizeof(fragment), " | %s:%.*s", key_name, val_len, val_ptr); + if (strlen(log_msg) + strlen(fragment) < 1023) { + strcat(log_msg, fragment); + } + } + } + } + current_pos = nl + 1; + } +} + // Handles SSDP discovery requests and sends fake responses void *ssdpListener(void *arg) { (void)arg; @@ -174,6 +216,7 @@ void *ssdpListener(void *arg) { snprintf(msg, sizeof(msg), "%s M-SEARCH %s\n", SERVER_ID, client_ip); + extraction(buffer,msg); } else { snprintf(msg, sizeof(msg), "%s non-M-SEARCH %s\n", SERVER_ID, client_ip); From 41dd7d2748c52bbe6ccbdbd2a6f75221c636f3cb Mon Sep 17 00:00:00 2001 From: GitHub-MasterX Date: Sun, 29 Mar 2026 10:32:08 +0000 Subject: [PATCH 2/2] fix(dynamic-header-extraction) --- servers/upnp_pit.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/servers/upnp_pit.c b/servers/upnp_pit.c index bd4c843..6870993 100644 --- a/servers/upnp_pit.c +++ b/servers/upnp_pit.c @@ -214,15 +214,16 @@ void *ssdpListener(void *arg) { sendto(sockFd, response, strlen(response), 0, (struct sockaddr *)&client_addr, sizeof(client_addr)); - snprintf(msg, sizeof(msg), "%s M-SEARCH %s\n", + snprintf(msg, sizeof(msg), "%s M-SEARCH %s", SERVER_ID, client_ip); extraction(buffer,msg); } else { - snprintf(msg, sizeof(msg), "%s non-M-SEARCH %s\n", + snprintf(msg, sizeof(msg), "%s non-M-SEARCH %s", SERVER_ID, client_ip); + extraction(buffer,msg); } - printf("%s", msg); + printf("%s\n", msg); sendMetric(msg); }