Impact
When configuring a Windows named pipe server, setting pipe_mode will reset reject_remote_clients to false. If the application has previously configured reject_remote_clients to true, this effectively undoes the configuration. This also applies if reject_remote_clients is not explicitly set as this is the default configuration and is cleared by calling pipe_mode.
Remote clients may only access the named pipe if the named pipe's associated path is accessible via a publically shared folder (SMB).
Patches
The following versions have been patched:
The fix will also be present in all releases starting from version 1.24.0.
Named pipes were introduced to Tokio in version 1.7.0, so releases older than 1.7.0 are not affected.
Workarounds
Ensure that pipe_mode is set first after initializing a ServerOptions. For example:
let mut opts = ServerOptions::new();
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);
References
https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createnamedpipea#pipe_reject_remote_clients
Impact
When configuring a Windows named pipe server, setting
pipe_modewill resetreject_remote_clientstofalse. If the application has previously configuredreject_remote_clientstotrue, this effectively undoes the configuration. This also applies ifreject_remote_clientsis not explicitly set as this is the default configuration and is cleared by callingpipe_mode.Remote clients may only access the named pipe if the named pipe's associated path is accessible via a publically shared folder (SMB).
Patches
The following versions have been patched:
The fix will also be present in all releases starting from version 1.24.0.
Named pipes were introduced to Tokio in version 1.7.0, so releases older than 1.7.0 are not affected.
Workarounds
Ensure that
pipe_modeis set first after initializing aServerOptions. For example:References
https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createnamedpipea#pipe_reject_remote_clients