server: bind to IPv4 localhost by default

Since OpenOCD basically allows to perform arbitrary actions on behalf of the running user, it makes sense to restrict the exposure by default. If you need network connectivity and your environment is safe enough, use "bindto 0.0.0.0" to switch to the old behaviour. Change-Id: I4a4044b90d0ecb30118cea96fc92a7bcff0924e0 Signed-off-by: Paul Fertser <fercerpav@gmail.com> Reviewed-on: http://openocd.zylin.com/4331 Reviewed-by: Jonathan McDowell <noodles-openocd@earth.li> Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com> Tested-by: jenkins
2018-01-13 16:22:10 +03:00 · 2018-01-13 16:22:10 +03:00 · 828ee07657
parent ffd6b78a2c
commit 828ee07657
2 changed files with 6 additions and 4 deletions
--- a/doc/openocd.texi
+++ b/doc/openocd.texi
@ -7132,9 +7132,11 @@ the initial log output channel is stderr.
 Add @var{directory} to the file/script search path.
@end deffn

-@deffn Command bindto [name]
-Specify address by name on which to listen for incoming TCP/IP connections.
-By default, OpenOCD will listen on all available interfaces.
+@deffn Command bindto [@var{name}]
+Specify hostname or IPv4 address on which to listen for incoming
+TCP/IP connections. By default, OpenOCD will listen on the loopback
+interface only. If your network environment is safe, @code{bindto
+0.0.0.0} can be used to cover all available interfaces.
@end deffn

@anchor{targetstatehandling}
--- a/src/server/server.c
+++ b/src/server/server.c
@ -259,7 +259,7 @@ int add_service(char *name,
 		c->sin.sin_family = AF_INET;

 		if (bindto_name == NULL)
-			c->sin.sin_addr.s_addr = INADDR_ANY;
+			c->sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
 		else {
 			hp = gethostbyname(bindto_name);
 			if (hp == NULL) {