|
 |
a060f6 |
From bfa1432ea1972b4272e3a7b8927f7c22094e5e44 Mon Sep 17 00:00:00 2001
|
|
|
a060f6 |
From: Ondrej Holy <oholy@redhat.com>
|
|
|
a060f6 |
Date: Tue, 22 May 2018 21:06:06 +0200
|
|
|
a060f6 |
Subject: [PATCH 2/2] Do not listen all if invalid interface is provided
|
|
|
a060f6 |
|
|
|
a060f6 |
It is not a good idea from security point of view to listen all interfaces
|
|
|
a060f6 |
in case of invalid interface is provided. We should rather listen to nothing
|
|
|
a060f6 |
and print error in journal.
|
|
|
a060f6 |
|
|
|
a060f6 |
https://bugzilla.gnome.org/show_bug.cgi?id=796349
|
|
|
a060f6 |
---
|
|
|
a060f6 |
server/libvncserver/sockets.c | 18 ++++++++++++------
|
|
|
a060f6 |
server/vino-server.c | 3 +++
|
|
|
a060f6 |
2 files changed, 15 insertions(+), 6 deletions(-)
|
|
|
a060f6 |
|
|
|
a060f6 |
diff --git a/server/libvncserver/sockets.c b/server/libvncserver/sockets.c
|
|
|
a060f6 |
index 746a3e5..45df6d5 100644
|
|
|
a060f6 |
--- a/server/libvncserver/sockets.c
|
|
|
a060f6 |
+++ b/server/libvncserver/sockets.c
|
|
|
a060f6 |
@@ -152,9 +152,13 @@ rfbInitListenSock(rfbScreenInfoPtr rfbScreen)
|
|
|
a060f6 |
char *netIface = (char*)rfbScreen->netIface;
|
|
|
a060f6 |
int i;
|
|
|
a060f6 |
|
|
|
a060f6 |
- if(netIface == NULL || if_nametoindex(netIface) == 0) {
|
|
|
a060f6 |
- if(netIface != NULL)
|
|
|
a060f6 |
- rfbLog("WARNING: This (%s) a invalid network interface, set to all\n", netIface);
|
|
|
a060f6 |
+ if(netIface != NULL && strlen(netIface) > 0) {
|
|
|
a060f6 |
+ if(if_nametoindex(netIface) == 0) {
|
|
|
a060f6 |
+ rfbLog("(%s) is an invalid network interface\n", netIface);
|
|
|
a060f6 |
+ return;
|
|
|
a060f6 |
+ }
|
|
|
a060f6 |
+ }
|
|
|
a060f6 |
+ else {
|
|
|
a060f6 |
netIface = NULL;
|
|
|
a060f6 |
}
|
|
|
a060f6 |
|
|
|
a060f6 |
@@ -748,9 +752,11 @@ rfbSetNetworkInterface(rfbScreenInfoPtr rfbScreen, const char *netIface)
|
|
|
a060f6 |
rfbScreen->netIface = netIface;
|
|
|
a060f6 |
}
|
|
|
a060f6 |
else {
|
|
|
a060f6 |
- rfbScreen->netIface = NULL;
|
|
|
a060f6 |
- if(netIface != NULL)
|
|
|
a060f6 |
- rfbLog("WARNING: This (%s) a invalid network interface, set to all\n", netIface);
|
|
|
a060f6 |
+ rfbScreen->netIface = NULL;
|
|
|
a060f6 |
+ if(netIface != NULL && strlen(netIface) > 0) {
|
|
|
a060f6 |
+ rfbLog("(%s) is an invalid network interface\n", netIface);
|
|
|
a060f6 |
+ return FALSE;
|
|
|
a060f6 |
+ }
|
|
|
a060f6 |
}
|
|
|
a060f6 |
|
|
|
a060f6 |
rfbLog("Re-binding socket to listen for VNC connections on TCP port %d in (%s) interface\n",
|
|
|
a060f6 |
diff --git a/server/vino-server.c b/server/vino-server.c
|
|
|
a060f6 |
index 38b17e3..b8cd755 100644
|
|
|
a060f6 |
--- a/server/vino-server.c
|
|
|
a060f6 |
+++ b/server/vino-server.c
|
|
|
a060f6 |
@@ -970,6 +970,9 @@ vino_server_init_io_channels(VinoServer *server)
|
|
|
a060f6 |
{
|
|
|
a060f6 |
dprintf (RFB, "%d ", rfb_screen->rfbListenSock[i]);
|
|
|
a060f6 |
|
|
|
a060f6 |
+ if (rfb_screen->rfbListenSock[i] == -1)
|
|
|
a060f6 |
+ continue;
|
|
|
a060f6 |
+
|
|
|
a060f6 |
server->priv->io_channel[i] = g_io_channel_unix_new (rfb_screen->rfbListenSock[i]);
|
|
|
a060f6 |
server->priv->io_watch[i] = g_io_add_watch (server->priv->io_channel[i],
|
|
|
a060f6 |
G_IO_IN|G_IO_PRI,
|
|
|
a060f6 |
--
|
|
|
a060f6 |
2.17.0
|
|
|
a060f6 |
|