[vim/vim] channel.c: Require hostname/address for `ch_listen()` (PR #19799)

6 views
Skip to first unread message

zdohnal

unread,
Mar 23, 2026, 5:33:15 AM (yesterday) Mar 23
to vim/vim, Subscribed

This will prevent unintentional binding the process to public network interfaces, and opening Vim to communication from outside network if firewall allows it.

You can view, comment on, or merge this pull request online at:

  https://github.com/vim/vim/pull/19799

Commit Summary

  • 1e522b0 channel.c: Require hostname/address for `ch_listen()`

File Changes

(1 file)

Patch Links:


Reply to this email directly, view it on GitHub.
You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/pull/19799@github.com>

Christian Brabandt

unread,
Mar 23, 2026, 2:17:38 PM (yesterday) Mar 23
to vim/vim, Subscribed
chrisbra left a comment (vim/vim#19799)

thanks. What is the issue with the indentation change? Also can you please fix the codeql warning? I think the hostname cannot be null anyhow, since you add a test for it right at the beginning.


Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/pull/19799/c4112744391@github.com>

zdohnal

unread,
9:19 AM (14 hours ago) 9:19 AM
to vim/vim, Push

@zdohnal pushed 1 commit.


View it on GitHub.
You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/pull/19799/before/1e522b04b288ffb2db72442843ba353adb557011/after/5880108d144709c999d2910dcd16426e41c61b1e@github.com>

zdohnal

unread,
9:22 AM (14 hours ago) 9:22 AM
to vim/vim, Subscribed
zdohnal left a comment (vim/vim#19799)

hi @chrisbra !

ad indentation - I followed the style in the function - there is 4 space per indent, and every 8 spaces is a tab - I have followed this style in the file and it is why Github shows it that way (so far I have not been able to set Github to show tabs properly - that's why personally prefer using spaces everywhere - everywhere it is shown the same way).

ad codecov error - I have fixed it now.

Thank you for the review!

OT question - is it expected to pass non-localhost address to that function in plugins, or only loopback? I could send PR for enforcing loopback, which could narrow the attack vector further.


Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/pull/19799/c4118242250@github.com>

Christian Brabandt

unread,
4:15 PM (7 hours ago) 4:15 PM
to vim/vim, Subscribed
chrisbra left a comment (vim/vim#19799)

That is tricky. I think we should try to restrict to localhost if possible. @mattn does that work for you?


Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/pull/19799/c4121075410@github.com>

Reply all
Reply to author
Forward
0 new messages