WPS: Move POST URL validation into web_connection_parse_post()

This is more logical location for checking the URL and potentially
handling a call to another URL handler. In addition, return 404 error,
not invalid UPnP action, if the URL does not match.

diff --git a/src/wps/http.h b/src/wps/http.h
index 8bb8ff3d671f2c21389d55d3e6a9812a0098c9d4..2fee3a8f87a637d23119756e18b5bfda003df506 100644 (file)
--- a/src/wps/http.h
+++ b/src/wps/http.h
@@ -16,6 +16,7 @@ enum http_reply_code {
        HTTP_BAD_REQUEST = 400,
        UPNP_INVALID_ACTION = 401,
        UPNP_INVALID_ARGS = 402,
+       HTTP_NOT_FOUND = 404,
        HTTP_PRECONDITION_FAILED = 412,
        HTTP_INTERNAL_SERVER_ERROR = 500,
        HTTP_UNIMPLEMENTED = 501,

diff --git a/src/wps/wps_upnp_web.c b/src/wps/wps_upnp_web.c
index 5da3456d480cda44c4277edd78a06826a3e41fe7..1ba9118d161fd1f46f219976da3d2c9ecf6389f5 100644 (file)
--- a/src/wps/wps_upnp_web.c
+++ b/src/wps/wps_upnp_web.c
@@ -687,7 +687,7 @@ static void web_connection_send_reply(struct http_request *req,
 
 
 static const char * web_get_action(struct http_request *req,
-                                  const char *filename, size_t *action_len)
+                                  size_t *action_len)
 {
        const char *match;
        int match_len;
@@ -695,11 +695,6 @@ static const char * web_get_action(struct http_request *req,
        char *action;
 
        *action_len = 0;
-       if (os_strcasecmp(filename, UPNP_WPS_DEVICE_CONTROL_FILE)) {
-               wpa_printf(MSG_INFO, "WPS UPnP: Invalid POST filename %s",
-                          filename);
-               return NULL;
-       }
        /* The SOAPAction line of the header tells us what we want to do */
        b = http_request_get_hdr_line(req, "SOAPAction:");
        if (b == NULL)
@@ -754,13 +749,20 @@ static void web_connection_parse_post(struct upnp_wps_device_sm *sm,
 {
        enum http_reply_code ret;
        char *data = http_request_get_data(req); /* body of http msg */
-       const char *action;
-       size_t action_len;
+       const char *action = NULL;
+       size_t action_len = 0;
        const char *replyname = NULL; /* argument name for the reply */
        struct wpabuf *reply = NULL; /* data for the reply */
 
+       if (os_strcasecmp(filename, UPNP_WPS_DEVICE_CONTROL_FILE)) {
+               wpa_printf(MSG_INFO, "WPS UPnP: Invalid POST filename %s",
+                          filename);
+               ret = HTTP_NOT_FOUND;
+               goto bad;
+       }
+
        ret = UPNP_INVALID_ACTION;
-       action = web_get_action(req, filename, &action_len);
+       action = web_get_action(req, &action_len);
        if (action == NULL)
                goto bad;