From 828ee07657914212f81152a768a8ec43bb73db03 Mon Sep 17 00:00:00 2001
From: Paul Fertser
Date: Sat, 13 Jan 2018 16:22:10 +0300
Subject: [PATCH] server: bind to IPv4 localhost by default
Since OpenOCD basically allows to perform arbitrary actions on behalf of the running user, it makes sense to restrict the exposure by default. If you need network connectivity and your environment is safe enough, use "bindto 0.0.0.0" to switch to the old behaviour.
Change-Id: I4a4044b90d0ecb30118cea96fc92a7bcff0924e0
Signed-off-by: Paul Fertser
Reviewed-on: http://openocd.zylin.com/4331
Reviewed-by: Jonathan McDowell
Reviewed-by: Antonio Borneo
Tested-by: jenkins
---
 doc/openocd.texi | 8 +++++---
 src/server/server.c | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/doc/openocd.texi b/doc/openocd.texi
index 6362b41f29..73d64b3dc2 100644
--- a/doc/openocd.texi
+++ b/doc/openocd.texi
@@ -7132,9 +7132,11 @@ the initial log output channel is stderr.
 Add @var{directory} to the file/script search path.
 @end deffn
-@deffn Command bindto [name]
-Specify address by name on which to listen for incoming TCP/IP connections.
-By default, OpenOCD will listen on all available interfaces.
+@deffn Command bindto [@var{name}]
+Specify hostname or IPv4 address on which to listen for incoming
+TCP/IP connections. By default, OpenOCD will listen on the loopback
+interface only. If your network environment is safe, @code{bindto
+0.0.0.0} can be used to cover all available interfaces.
 @end deffn
 @anchor{targetstatehandling}
diff --git a/src/server/server.c b/src/server/server.c
index 8fd2d71d4f..4e806563ca 100644
--- a/src/server/server.c
+++ b/src/server/server.c
@@ -259,7 +259,7 @@ int add_service(char *name,
 c->sin.sin_family = AF_INET;
 if (bindto_name == NULL)
- c->sin.sin_addr.s_addr = INADDR_ANY;
+ c->sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
 else {
 hp = gethostbyname(bindto_name);
 if (hp == NULL) {
--
2.30.2
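Review bot: The new default at `c->sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);` in the server.c hunk carries no comment recording why loopback was chosen, so a later cleanup could revert it to INADDR_ANY without noticing the security intent. I would add `/* Default to loopback: clients can run arbitrary actions as the invoking user, so network exposure must be opted into via bindto. */` above the `if (bindto_name == NULL)` branch. Binding to loopback narrows exposure to the local host only; other local users and processes can still connect, which is worth stating in the comment or the texi text so the default is not read as access control. The hunk does not show whether the bound address is logged when the service starts; if it is not, logging it would let users who relied on remote connections see the change. add_service() begins and ends outside the hunk.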