https://bugs.documentfoundation.org/show_bug.cgi?id=115163

            Bug ID: 115163
           Summary: Hardcoded Listen Address
           Product: LibreOffice Online
           Version: unspecified
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: medium
         Component: LibreOffice
          Assignee: [email protected]
          Reporter: [email protected]

loolwsd is hardcoded to bind to 0.0.0.0. If you run it by default it opens two
ports:

```
# netstat -p -t tcp -l -n
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
...
tcp        0      0 0.0.0.0:9980            0.0.0.0:*               LISTEN      1739/loolwsd
tcp        0      0 127.0.0.1:9981          0.0.0.0:*               LISTEN      1739/loolwsd
```

Why is this? Most web daemons let me pick a listen address, so that I can, if
I want, put it behind nginx/apache/whatever. Is this just an oversight because
your default supported config assumes everyone will wrap loolwsd inside docker
and use `docker port 127.0.0.1:9980:9980` to wrap it?

The code that causes this is because the 9980 websocket port is hardcoded to
"Type::Public", and that causes:

https://cgit.freedesktop.org/libreoffice/online/tree/wsd/LOOLWSD.cpp#n2605
```
        std::shared_ptr<ServerSocket> socket = getServerSocket(
            ServerSocket::Type::Public, port, WebServerPoll, factory);
```

https://cgit.freedesktop.org/libreoffice/online/tree/wsd/LOOLWSD.cpp#n2555

```
        if (!serverSocket->bind(type, port))
            return nullptr;
```


https://cgit.freedesktop.org/libreoffice/online/tree/net/Socket.cpp#n210

```
        if (type == Type::Public)
            addrv4.sin_addr.s_addr = type == htonl(INADDR_ANY);
        else
            addrv4.sin_addr.s_addr = type == htonl(INADDR_LOOPBACK);
```


Instead of this trying to be helpful, can there please be a <listen> config
option? I just want to be able to tell loolwsd "listen here, I promise I know
what I'm doing"

In practice this doesn't seem to hurt me; I have nginx fronting loolwsd so no
one actually speaks unencrypted to loolwsd, but there's the potential that
someone might misconfigure a client somewhere and that worries me.
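
An added example, not part of the original report and not LibreOffice Online code: one way a configurable listen address could be resolved and bound in C++, with `getsockname` confirming what netstat would show. The `listen` string, its `any`/`loopback` keywords, the loopback default and both function names are assumptions of this example.

```cpp
// Added example; `listen` is a hypothetical config value, not a loolwsd option.
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>

// Empty or "loopback" -> 127.0.0.1 (assumed default), "any" -> 0.0.0.0, otherwise
// a literal IPv4 address. Returns false on bad input so startup can be refused.
bool make_listen_addr(const std::string& listen, uint16_t port, sockaddr_in& out)
{
    std::memset(&out, 0, sizeof(out));
    out.sin_family = AF_INET;
    out.sin_port = htons(port);
    if (listen.empty() || listen == "loopback")
        out.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    else if (listen == "any")
        out.sin_addr.s_addr = htonl(INADDR_ANY);
    else if (inet_pton(AF_INET, listen.c_str(), &out.sin_addr) != 1)
        return false;
    return true;
}

// Bind a TCP socket and return the address the kernel reports, or "" on failure.
std::string bind_and_report(const std::string& listen, uint16_t port)
{
    sockaddr_in addr;
    if (!make_listen_addr(listen, port, addr)) return "";
    int fd = ::socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return "";
    char text[INET_ADDRSTRLEN] = "";
    socklen_t len = sizeof(addr);
    if (::bind(fd, reinterpret_cast<sockaddr*>(&addr), sizeof(addr)) == 0 &&
        ::getsockname(fd, reinterpret_cast<sockaddr*>(&addr), &len) == 0)
        inet_ntop(AF_INET, &addr.sin_addr, text, sizeof(text));
    ::close(fd);
    return text;
}

int main()
{
    const char* cfgs[] = {"", "any", "127.0.0.1", "not-an-address"};  // port 0 = any free port
    for (const char* cfg : cfgs)
        std::printf("listen=\"%s\" -> bound to \"%s\"\n", cfg, bind_and_report(cfg, 0).c_str());
    return 0;
}
```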
