From 9feccc625b63b2beba63d528c78fbf32760ccfbd Mon Sep 17 00:00:00 2001
From: Gregor Riepl
Date: Fri, 24 Aug 2012 06:19:52 -0500
Subject: [PATCH] The listener is opened on INADDR_ANY, so it will accept any network connection, no matter if it is originating locally or from the outside of the host. There is no check in place to discard non-local connections. The only security against a malicious attack would be provided by a local firewall, which is not guaranteed to be installed on every workstation kicad is used on. I tested this, and a host running eeschema accepts connections on TCP port 4243 from other hosts on the internet. A patch to remedy this potentially serious security hole is attached. It creates the listener on localhost instead. A flag is provided to allow the creation of sockets on 0.0.0.0 instead, if required. localhost is the default.
---
 common/eda_dde.cpp | 5 ++++-
 include/eda_dde.h | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/common/eda_dde.cpp b/common/eda_dde.cpp
index b9c33d36cf..bb280c8810 100644
--- a/common/eda_dde.cpp
+++ b/common/eda_dde.cpp
@@ -35,12 +35,15 @@ void SetupServerFunction( void (*remotefct)(const char* remotecmd) )
 /* Function to initialize a server socket */
-WinEDA_Server* CreateServer( wxWindow* window, int service )
+WinEDA_Server* CreateServer( wxWindow* window, int service, bool local )
 {
 wxIPV4address addr;
 // Create a new server
 addr.Service( service );
+ // Listen on localhost only if requested
+ if( local )
+ addr.Hostname( HOSTNAME );
 server = new wxServer( addr );
diff --git a/include/eda_dde.h b/include/eda_dde.h
index fbde3b56a7..856b354a1d 100644
--- a/include/eda_dde.h
+++ b/include/eda_dde.h
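Review bot: In `CreateServer` (common/eda_dde.cpp) the return value of `addr.Hostname( HOSTNAME )` is discarded, so if that call fails the `wxServer` may still be created on the unrestricted address, which is the exposure this patch sets out to close. `HOSTNAME` is defined outside the hunk; if it is a name rather than a literal loopback address, the bind also depends on the host's resolver configuration. Consider `if( local && !addr.LocalHost() ) return NULL;` (or the same check around `addr.Hostname( HOSTNAME )`), so a failure refuses to listen instead of falling back to all interfaces; how the function reports failure should be confirmed, since its body continues past the end of the hunk. The comment above the signature should also describe the new `local` parameter.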
@@ -30,7 +30,7 @@
 /* autres fonctions */
 /********************/
-WinEDA_Server * CreateServer( wxWindow * window, int port );
+WinEDA_Server * CreateServer( wxWindow * window, int port, bool local = true );
 bool SendCommand( int port, const char* cmdline );
 void SetupServerFunction( void (*remotefct) (const char* remotecmd) );
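Review bot: The new `local` flag on the `CreateServer` declaration is undocumented, and a call site that passes `false` puts the command listener back on every interface. I would add a comment above the declaration, for example `/* local: true (default) binds the listener to the loopback interface only; false accepts connections from any host and should only be used behind other access control */`. A bare `true`/`false` is also hard to spot at call sites, so a named constant or small enum would make an exposed listener stand out in later reviews.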