rep.sequenceNumber = client->sequence;
/*
- * Allow to change only certain parameters.
- * Changing other parameters (for example PAM service name)
- * could have negative security impact.
+ * Prevent change of clipboard related parameters if clipboard is disabled.
*/
- if (strncasecmp(param, "desktop", 7) != 0 &&
- strncasecmp(param, "AcceptPointerEvents", 19) != 0 &&
- (vncNoClipboard || strncasecmp(param, "SendCutText", 11) != 0) &&
- (vncNoClipboard || strncasecmp(param, "AcceptCutText", 13) != 0))
+ if (vncNoClipboard &&
+ (strncasecmp(param, "SendCutText", 11) == 0 ||
+ strncasecmp(param, "AcceptCutText", 13) == 0))
+ goto deny;
+
+ if (!vncOverrideParam(param))
goto deny;
- vncSetParamSimple(param);
rep.success = 1;
// Send DesktopName update if desktop name has been changed
#include <stdio.h>
#include <errno.h>
+#include <set>
+#include <string>
+
#include <rfb/Configuration.h>
#include <rfb/Logger_stdio.h>
#include <rfb/LogWriter.h>
int vncInetdSock = -1;
+struct CaseInsensitiveCompare {
+ bool operator() (const std::string &a, const std::string &b) const {
+ return strcasecmp(a.c_str(), b.c_str()) < 0;
+ }
+};
+
+typedef std::set<std::string, CaseInsensitiveCompare> ParamSet;
+static ParamSet allowOverrideSet;
+
rfb::StringParameter httpDir("httpd",
"Directory containing files to serve via HTTP",
"");
rfb::BoolParameter avoidShiftNumLock("AvoidShiftNumLock",
"Avoid fake Shift presses for keys affected by NumLock.",
true);
+rfb::StringParameter allowOverride("AllowOverride",
+ "Comma separated list of parameters that can be modified using VNC extension.",
+ "desktop,AcceptPointerEvents,SendCutText,AcceptCutText");
static PixelFormat vncGetPixelFormat(int scrIdx)
{
redShift, greenShift, blueShift);
}
+static void parseOverrideList(const char *text, ParamSet &out)
+{
+ for (const char* iter = text; ; ++iter) {
+ if (*iter == ',' || *iter == '\0') {
+ out.insert(std::string(text, iter));
+ text = iter + 1;
+
+ if (*iter == '\0')
+ break;
+ }
+ }
+}
+
void vncExtensionInit(void)
{
int ret;
try {
if (!initialised) {
rfb::initStdIOLoggers();
+
+ parseOverrideList(allowOverride, allowOverrideSet);
+ allowOverride.setImmutable();
+
initialised = true;
}
{
desktop[scrIdx]->refreshScreenLayout();
}
+
+int vncOverrideParam(const char *nameAndValue)
+{
+ const char* equalSign = strchr(nameAndValue, '=');
+ if (!equalSign)
+ return 0;
+
+ std::string key(nameAndValue, equalSign);
+ if (allowOverrideSet.find(key) == allowOverrideSet.end())
+ return 0;
+
+ return rfb::Configuration::setParam(nameAndValue);
+}
projects / tigervnc.git / commitdiff