client: introduce auto-connect-localhost= option in client.conf
authorLennart Poettering <lennart@poettering.net>
Wed, 13 Jan 2010 21:08:59 +0000 (22:08 +0100)
committerLennart Poettering <lennart@poettering.net>
Wed, 13 Jan 2010 21:08:59 +0000 (22:08 +0100)
Partly fixes:

http://pulseaudio.org/ticket/773

Also fixes a security hole, since who may listen on the default port is
not access controlled right now.

man/pulse-client.conf.5.xml.in
src/pulse/client-conf.c
src/pulse/client-conf.h
src/pulse/client.conf.in
src/pulse/context.c

index 46cc845..349b515 100644 (file)
@@ -106,6 +106,16 @@ USA.
       memory overcommit.</p>
     </option>
 
+    <option>
+      <p><opt>auto-connect-localhost=</opt> Automatically try to
+      connect to localhost via IP. Enabling this is a potential
+      security hole since connections are only authenticated one-way
+      and a rogue server might hence fool a client into sending it its
+      private (e.g. VoIP call) data. This was enabled by default on
+      PulseAudio version 0.9.21 and older. Defaults to
+      <opt>no</opt>.</p>
+    </option>
+
   </section>
 
   <section name="Authors">
index 3eaca4d..6c97802 100644 (file)
@@ -62,7 +62,8 @@ static const pa_client_conf default_conf = {
     .disable_shm = FALSE,
     .cookie_file = NULL,
     .cookie_valid = FALSE,
-    .shm_size = 0
+    .shm_size = 0,
+    .auto_connect_localhost = FALSE
 };
 
 pa_client_conf *pa_client_conf_new(void) {
@@ -105,6 +106,7 @@ int pa_client_conf_load(pa_client_conf *c, const char *filename) {
         { "disable-shm",            pa_config_parse_bool,     &c->disable_shm, NULL },
         { "enable-shm",             pa_config_parse_not_bool, &c->disable_shm, NULL },
         { "shm-size-bytes",         pa_config_parse_size,     &c->shm_size, NULL },
+        { "auto-connect-localhost", pa_config_parse_bool,     &c->auto_connect_localhost, NULL },
         { NULL,                     NULL,                     NULL, NULL },
     };
 
index 618216f..3bca8fd 100644 (file)
@@ -29,7 +29,7 @@
 
 typedef struct pa_client_conf {
     char *daemon_binary, *extra_arguments, *default_sink, *default_source, *default_server, *default_dbus_server, *cookie_file;
-    pa_bool_t autospawn, disable_shm;
+    pa_bool_t autospawn, disable_shm, auto_connect_localhost;
     uint8_t cookie[PA_NATIVE_COOKIE_LENGTH];
     pa_bool_t cookie_valid; /* non-zero, when cookie is valid */
     size_t shm_size;
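Review bot: `auto_connect_localhost` is appended to the shared `pa_bool_t autospawn, disable_shm, ...` declaration without a comment, although it is the one flag in this struct with a security consequence. Declaring it on its own line, e.g. `pa_bool_t auto_connect_localhost; /* when set, also try tcp4:127.0.0.1 and tcp6:[::1]; the server is not authenticated */`, would keep that visible next to `cookie_valid`, which already carries a comment. The struct definition continues past the end of this hunk.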
index e03096e..090713e 100644 (file)
@@ -32,3 +32,5 @@
 
 ; enable-shm = yes
 ; shm-size-bytes = 0 # setting this 0 will use the system-default, usually 64 MiB
+
+; auto-connect-localhost = no
index 0018492..85b90ac 100644 (file)
@@ -997,8 +997,10 @@ int pa_context_connect(
         }
 
         /* Add TCP/IP on the localhost */
-        c->server_list = pa_strlist_prepend(c->server_list, "tcp6:[::1]");
-        c->server_list = pa_strlist_prepend(c->server_list, "tcp4:127.0.0.1");
+        if (c->conf->auto_connect_localhost) {
+            c->server_list = pa_strlist_prepend(c->server_list, "tcp6:[::1]");
+            c->server_list = pa_strlist_prepend(c->server_list, "tcp4:127.0.0.1");
+        }
 
         /* The system wide instance via PF_LOCAL */
         c->server_list = pa_strlist_prepend(c->server_list, PA_SYSTEM_RUNTIME_PATH PA_PATH_SEP PA_NATIVE_DEFAULT_UNIX_SOCKET);
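Review bot: The comment above the new `if (c->conf->auto_connect_localhost)` gate still reads `/* Add TCP/IP on the localhost */` and does not say that the block is opt-in for a security reason, so a later cleanup could drop the check without noticing. I would reword it to `/* Add TCP/IP on the localhost only if explicitly enabled: the server is not authenticated to the client, so whatever is bound to the default port would receive the stream */`, which matches the rationale given in the man page hunk. A debug log line on the enabled path would also let operators see when a client is configured to fall back to loopback TCP. pa_context_connect starts and ends outside this hunk, so the rest of the server-list ordering is not visible here.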