Race condition in WinVNC

Greg Hewgill greg "at" hewgill.com
Fri, 23 Oct 1998 05:23:31 +0000

I have identified a race condition in the startup of WinVNC. I discovered
this problem today when trying to connect to a machine I had just rebooted
(WinVNC is installed as an auto-start service). I started my VNC viewer, and
tried to connect to the server. The first time the connection was refused,
but I tried again immediately and (much to my surprise) it let me straight
in without even asking for a password!

I looked at the code for the server and the problem appears to be in the
WinVNCAppMain() function. The server.SockConnect() function is called before
a new vncMenu object is created, which means a thread will start listening
on the socket before the server settings are loaded (the settings are loaded
by the vncMenu object). If the m_passwd_required field of the vncServer
object happens to be 0 (it is not initialized), then no password will be
required for a short time until the settings are loaded.

I presume this could be fixed by moving the creation of the vncMenu object
above the initialization of the two connection listeners.

Greg Hewgill
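
The startup ordering described in the message above, as an added example that is not part of the original post and is not WinVNC source code. It is a simplified single-threaded model: the Server struct, Probe(), RunStartup() and the FailClosed() variant are assumptions made for illustration, and only the names SockConnect and m_passwd_required come from the post.

```cpp
#include <cstdio>
#include <vector>

// Simplified model of the startup sequence; NOT WinVNC source code.
// Names echo the post; all bodies are assumptions made for illustration.
enum Result { REFUSED, PASSWORD_PROMPT, NO_AUTH };

struct Server {
    bool passwd_required;    // stands in for m_passwd_required
    bool listening = false;
    // 'initial' models whatever the field holds before settings are loaded.
    explicit Server(bool initial) : passwd_required(initial) {}
    void SockConnect()  { listening = true; }        // listener starts accepting
    void LoadSettings() { passwd_required = true; }  // done via vncMenu in the post
    // What a client connecting at this instant would get.
    Result Probe() const {
        if (!listening) return REFUSED;
        return passwd_required ? PASSWORD_PROMPT : NO_AUTH;
    }
};

using Step = void (Server::*)();

// Run the startup steps in order, probing before the first step and after each one.
std::vector<Result> RunStartup(bool initial_flag, const std::vector<Step>& order) {
    Server s(initial_flag);
    std::vector<Result> seen{ s.Probe() };
    for (Step step : order) { (s.*step)(); seen.push_back(s.Probe()); }
    return seen;
}

// True if any point in the sequence admitted a client without authentication.
bool HasOpenWindow(const std::vector<Result>& seen) {
    for (Result r : seen) if (r == NO_AUTH) return true;
    return false;
}

// Order described in the post, with the flag happening to be 0.
std::vector<Result> AsReported() { return RunStartup(false, {&Server::SockConnect, &Server::LoadSettings}); }
// Reordering proposed in the post: load settings before listening.
std::vector<Result> Reordered()  { return RunStartup(false, {&Server::LoadSettings, &Server::SockConnect}); }
// Extra hardening (not in the post): field defaults to "password required".
std::vector<Result> FailClosed() { return RunStartup(true,  {&Server::SockConnect, &Server::LoadSettings}); }

int main() {
    std::printf("as reported: open window = %d\n", HasOpenWindow(AsReported()));
    std::printf("reordered:   open window = %d\n", HasOpenWindow(Reordered()));
    std::printf("fail closed: open window = %d\n", HasOpenWindow(FailClosed()));
    return 0;
}
```

The AsReported() sequence yields refused, then no authentication, then a password prompt, which matches the order of events in the report; the other two sequences never reach the unauthenticated state.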

