miniupnpd: Add (one-line) daemon patch to use secure_mode UCI config

also for UPnP IGD with IPv6, previously it was always enabled and the behaviour is undocumented. See miniupnp/miniupnp@c79e25a Signed-off-by: Self-Hosting-Group <[email protected]>
openwrt · Sep 30, 2024 · ac76334 · ac76334
1 parent 618ed1f
commit ac76334
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/net/miniupnpd/patches/400-securemode-for-ipv6-igd.patch b/net/miniupnpd/patches/400-securemode-for-ipv6-igd.patch
@@ -0,0 +1,11 @@
+--- a/upnpsoap.c
++++ b/upnpsoap.c
+@@ -1641,7 +1641,7 @@ PinholeVerification(struct upnphttp * h, char * int_ip, unsigned short int_port)
+ 		strncpy(clientaddr_str, "*ERROR*", sizeof(clientaddr_str));
+ 	}
+
+-	if(memcmp(&h->clientaddr_v6, &result_ip, sizeof(struct in6_addr)) != 0)
++	if(GETFLAG(SECUREMODEMASK) && (memcmp(&h->clientaddr_v6, &result_ip, sizeof(struct in6_addr)) != 0))
+ 	{
+ 		syslog(LOG_INFO, "%s: Client %s tried to access pinhole for internal %s and is not authorized",
+ 		       "PinholeVerification", clientaddr_str, int_ip);