- Reported
-
- Issued
-
- Package
-
tokio
(crates.io)
- Type
-
Vulnerability
- Keywords
-
#configuration-failure
- Aliases
-
- References
-
- Patched
-
>=1.18.4, <1.19.0
>=1.20.3, <1.21.0
>=1.23.1
- Unaffected
-
- Affected OSes
-
Description
On Windows, configuring a named pipe server with pipe_mode will force ServerOptions::reject_remote_clients as false
.
This drops any intended explicit configuration for the reject_remote_clients that may have been set as true
previously.
The default setting of reject_remote_clients is normally true
meaning the default is also overridden as false
.
Workarounds
Ensure that pipe_mode is set first after initializing a ServerOptions. For example:
let mut opts = ServerOptions::new();
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);
Advisory available under CC0-1.0
license.