Developers, 

I have encountered a bug in the way vncviewer manages
local ports when doing SSH tunneling (i.e. the "-via" option). 

The current logic finds a free TCP port by attempting a bind to a series of
predetermined port numbers (in network::findFreeTcpPort). If a bind
succeeds, the viewer chooses that port (and closes the temporarily-bound
socket). The viewer then proceeds to tell SSH to open a connection to
the gateway host with the chosen port as the first argument to SSH's
"-L" flag. 

The problem we've seen happens when a user starts two
vncviewer processes to different servers within a couple seconds of each
other, and both use a "-via" option. The second vncviewer process ends
up choosing the same local port, ostensibly because there's a time gap
between findFreeTcpPort's successful bind and when the SSH command
actually binds to that local port. I haven't looked at the SSH code, but
it appears that the local port isn't actually opened and bound until the
initial login connection has been established (which takes 4-6 seconds
on these particular connections). 

The second vncviewer doesn't notice
the errors reported by SSH when it fails to bind to the already-in-use
port, and happily connects to that port. The end result is that both
viewers are displaying the desktop of the first server, and the second
SSH connection is just sitting there half-initialized. 

It seems like
the viewer needs to do some kind of reservation on the local port it
chooses. There are many possible ways to do that, but it obviously
involves some kind of communication between the two viewer processes and
I wasn't sure how you would prefer to implement that kind of
communication. 

Let me know if I can help in any way! 

Thanks, 

Eric
_______________________________________________
Tigervnc-devel mailing list
Tigervnc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
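
The race described above, and one way to close it with a cross-process reservation, as an added example that is not part of the original message or TigerVNC's code. `probe_free_port` stands in for the bind-and-close probe; `reserve_port`, the lock-file naming and the port range are assumptions made for illustration.

```cpp
// Added illustration, not TigerVNC source: names and lock-file layout are assumptions.
#include <arpa/inet.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <sys/file.h>
#include <sys/socket.h>
#include <unistd.h>
#include <cstdio>

// True if 127.0.0.1:port can be bound at this instant (the socket is closed again).
static bool can_bind(int port) {
  int s = socket(AF_INET, SOCK_STREAM, 0);
  if (s < 0) return false;
  sockaddr_in a{};
  a.sin_family = AF_INET;
  a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
  a.sin_port = htons((unsigned short)port);
  bool ok = bind(s, reinterpret_cast<sockaddr*>(&a), sizeof a) == 0;
  close(s);
  return ok;
}

// Bind-and-close probe as in the report: nothing holds the port afterwards, so a
// second caller gets the same answer until ssh finally binds it.
int probe_free_port(int lo, int hi) {
  for (int p = lo; p <= hi; p++)
    if (can_bind(p)) return p;
  return -1;
}

// Probe plus reservation: take an exclusive flock() on a per-port lock file first.
// The caller keeps *lock_fd open until ssh is listening, then close()s it. dir should
// be per-user; O_NOFOLLOW rejects a planted symlink, O_CLOEXEC keeps the lock out of ssh.
int reserve_port(const char* dir, int lo, int hi, int* lock_fd) {
  for (int p = lo; p <= hi; p++) {
    char path[256];
    snprintf(path, sizeof path, "%s/vncvia-%d.lock", dir, p);
    int fd = open(path, O_CREAT | O_RDWR | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) continue;  // not ours to lock: skip this port
    if (flock(fd, LOCK_EX | LOCK_NB) == 0 && can_bind(p)) { *lock_fd = fd; return p; }
    close(fd);             // reserved by another viewer, or port already in use
  }
  return -1;
}

int main() {  // constructed port range, chosen only for the demo
  int fd = -1, a = probe_free_port(47000, 47020), b = probe_free_port(47000, 47020);
  printf("probe twice: %d %d, reserved: %d\n", a, b, reserve_port("/tmp", 47000, 47020, &fd));
}
```

Independently of any reservation, OpenSSH's `-o ExitOnForwardFailure=yes` makes ssh exit when the `-L` bind fails, which gives the viewer a failure it can detect instead of connecting to a port owned by another tunnel.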