Bug 493414 - net-misc/minidlna always listens on 0.0.0.0
Summary: net-misc/minidlna always listens on 0.0.0.0
Status: RESOLVED NEEDINFO
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server
Hardware: All Linux
Importance: Normal enhancement
Assignee: Michael Weber (RETIRED)
Reported: 2013-12-06 02:16 UTC by Mike Blumenkrantz
Modified: 2015-10-03 12:43 UTC
Attachments
force listening on user configured address (minidlna.patch, 463 bytes, patch)
2013-12-06 02:16 UTC, Mike Blumenkrantz

Description Mike Blumenkrantz 2013-12-06 02:16:39 UTC
Created attachment 364692
force listening on user configured address

Not sure if I'm filing this under the right product/component, sorry if I'm wrong.

net-misc/minidlna always listens on 0.0.0.0 even if the config/cmdline is set to bind to another address. The listener is also parsing HTTP, so it seems like a pretty easy thing to exploit if you aren't aware that this is an issue and there's any vulnerability.

I made a small patch which just forces it to use the first configured listen address. I've been using it locally and it seems to work.
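
Added example, not part of the original report or of minidlna: one way to check from the host whether a daemon is really bound to its configured address, by decoding LISTEN sockets in `/proc/net/tcp` format. The sample table is constructed, and port 8200 and address 192.168.1.10 are assumptions for illustration.

```python
import socket
import struct

LISTEN = "0A"  # TCP_LISTEN state code used in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:2008 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1
   2: 0A01A8C0:2008 6401A8C0:D431 01 00000000:00000000 00:00000000 00000000     0        0 33333 1
"""

def decode_endpoint(field):
    """Turn 'HHHHHHHH:PPPP' into (dotted_ipv4, port).
    The address is a host-order u32 in hex; little-endian hosts are assumed."""
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)

def listeners(proc_net_tcp):
    """Return (address, port) for every IPv4 socket in LISTEN state."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) >= 4 and cols[3] == LISTEN:
            found.append(decode_endpoint(cols[1]))
    return found

def audit_bind(proc_net_tcp, port, configured_addr):
    """Compare the address actually bound on `port` with the configured one."""
    bound = [addr for addr, p in listeners(proc_net_tcp) if p == port]
    if not bound:
        return "not-listening"
    if "0.0.0.0" in bound and configured_addr != "0.0.0.0":
        return "wildcard"   # reachable on every interface despite the config
    if all(addr == configured_addr for addr in bound):
        return "ok"
    return "mismatch"

if __name__ == "__main__":
    # On a live host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    print(audit_bind(SAMPLE, 8200, "192.168.1.10"))
```

IPv6 listeners live in `/proc/net/tcp6` and are not covered by this check.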
Comment 1 Agostino Sarubbo gentoo-dev 2013-12-09 19:52:39 UTC
I'd suggest checking what upstream thinks about it.
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2013-12-10 07:33:39 UTC
I'd wager a guess that this might break support for multiple interfaces.

At any rate, there is no direct link to a security issue, reassigning to maintainer.
Comment 3 Michael Weber (RETIRED) gentoo-dev 2015-10-03 12:43:23 UTC
Did you talk with upstream about it?