From bfa1432ea1972b4272e3a7b8927f7c22094e5e44 Mon Sep 17 00:00:00 2001 From: Ondrej Holy Date: Tue, 22 May 2018 21:06:06 +0200 Subject: [PATCH 2/2] Do not listen all if invalid interface is provided It is not a good idea from security point of view to listen all interfaces in case of invalid interface is provided. We should rather listen to nothing and print error in journal. https://bugzilla.gnome.org/show_bug.cgi?id=796349 --- server/libvncserver/sockets.c | 18 ++++++++++++------ server/vino-server.c | 3 +++ 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/server/libvncserver/sockets.c b/server/libvncserver/sockets.c index 746a3e5..45df6d5 100644 --- a/server/libvncserver/sockets.c +++ b/server/libvncserver/sockets.c @@ -152,9 +152,13 @@ rfbInitListenSock(rfbScreenInfoPtr rfbScreen) char *netIface = (char*)rfbScreen->netIface; int i; - if(netIface == NULL || if_nametoindex(netIface) == 0) { - if(netIface != NULL) - rfbLog("WARNING: This (%s) a invalid network interface, set to all\n", netIface); + if(netIface != NULL && strlen(netIface) > 0) { + if(if_nametoindex(netIface) == 0) { + rfbLog("(%s) is an invalid network interface\n", netIface); + return; + } + } + else { netIface = NULL; } @@ -748,9 +752,11 @@ rfbSetNetworkInterface(rfbScreenInfoPtr rfbScreen, const char *netIface) rfbScreen->netIface = netIface; } else { - rfbScreen->netIface = NULL; - if(netIface != NULL) - rfbLog("WARNING: This (%s) a invalid network interface, set to all\n", netIface); + rfbScreen->netIface = NULL; + if(netIface != NULL && strlen(netIface) > 0) { + rfbLog("(%s) is an invalid network interface\n", netIface); + return FALSE; + } } rfbLog("Re-binding socket to listen for VNC connections on TCP port %d in (%s) interface\n", diff --git a/server/vino-server.c b/server/vino-server.c index 38b17e3..b8cd755 100644 --- a/server/vino-server.c +++ b/server/vino-server.c @@ -970,6 +970,9 @@ vino_server_init_io_channels(VinoServer *server) { dprintf (RFB, "%d ", rfb_screen->rfbListenSock[i]); + if (rfb_screen->rfbListenSock[i] == -1) + continue; + server->priv->io_channel[i] = g_io_channel_unix_new (rfb_screen->rfbListenSock[i]); server->priv->io_watch[i] = g_io_add_watch (server->priv->io_channel[i], G_IO_IN|G_IO_PRI, -- 2.17.0