Message-Id: <201404071121.s37BLcFb041701@cgiserv.freebsd.org>
Date: Mon, 7 Apr 2014 11:21:38 GMT
From: Natacha Porté
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/188342: [PATCH] www/aws tries to bind to loopback address

>Number: 188342
>Category: ports
>Synopsis: [PATCH] www/aws tries to bind to loopback address
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 07 11:30:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Natacha Porté
>Release: 9.2-RELEASE
>Organization:
>Environment:
FreeBSD nat.rebma.instinctive.eu 9.2-RELEASE FreeBSD 9.2-RELEASE #0 r255898: Thu Sep 26 22:50:31 UTC 2013 root@bake.isc.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
To build an internal socket pair, www/aws listens on a socket bound to 127.0.0.1 and connects to it, returning connected and accepted sockets after some sanity checks (and closing the listening socket). One of those sanity checks is that the address of the remote peer of the accepted socket is indeed 127.0.0.1.

However in a jailed environment, binding to 127.0.0.1 might not be possible, and is instead silently interpreted as binding to the main IP address of the jail (e.g. 172.16.0.2). During the connection, 127.0.0.1 is reinterpreted as well, so the connection is successful. However the sanity check fails, because the remote address is not 127.0.0.1 but 127.16.0.2.

Since this is an issue only because of a peculiarity in FreeBSD jail environment, I don't believe this issue to be worth reporting upstream.
Attached to this PR is a patch that changes the sanity check from comparing against hardcoded "127.0.0.1" to comparing against the address associated with the connected socket, which keeps the intent of the code.
>How-To-Repeat:
Start a program that uses www/aws to listen for HTTP connections (www/aws-demos provides a bunch of them), inside a jailed environment that doesn't inherit host network interface and that doesn't have 127.0.0.1 as one of its aliases. It will fail after about 250ms (internal timeout of the socket connection described above).
>Fix:
Add the attached patch as ports/www/aws/files/patch-src_core_aws-net.adb

Patch attached with submission follows:

--- src/core/aws-net.adb.orig 2014-04-03 07:44:04.691630539 +0200 +++ src/core/aws-net.adb 2014-04-03 15:48:00.868957657 +0200 @@ -439,7 +439,7 @@ -- to be shure that it is S1 and S2 connected together - exit when Peer_Addr (STC (S2)) = Local_Host + exit when Peer_Addr (STC (S2)) = Get_Addr (STC (S1)) and then Peer_Port (STC (S2)) = Get_Port (STC (S1)) and then Peer_Port (STC (S1)) = Get_Port (STC (S2));
>Release-Note:
>Audit-Trail:
>Unformatted:
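
Review bot: On the changed `exit when` line the address is now compared in one direction only (`Peer_Addr (STC (S2)) = Get_Addr (STC (S1))`), while the two `Peer_Port` lines that follow check the ports in both directions; adding `and then Peer_Addr (STC (S1)) = Get_Addr (STC (S2))` would make the address check symmetric with the port check. With `Local_Host` removed, nothing in the condition states that the pair is local any more, so the comment above it should say why the comparison is against S1's own address (a jail can rewrite 127.0.0.1, per the description), and the "shure" typo in that comment can be fixed in the same patch.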
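
The socket-pair construction and the two forms of the sanity check described in the report, sketched in Python as an added example (not code from AWS or from the submitter). Function names and the sample endpoints are constructed; 172.16.0.2 stands for the jail address used in the description, and the 0.25 s timeout mirrors the 250 ms mentioned there.

```python
import socket

LOCAL_HOST = "127.0.0.1"

def check_hardcoded(s1_local, s1_peer, s2_local, s2_peer):
    """Pre-patch check: S2's peer address must be the literal 127.0.0.1."""
    return (s2_peer[0] == LOCAL_HOST
            and s2_peer[1] == s1_local[1]
            and s1_peer[1] == s2_local[1])

def check_relative(s1_local, s1_peer, s2_local, s2_peer):
    """Patched check: S2's peer address must be S1's own local address."""
    return (s2_peer[0] == s1_local[0]
            and s2_peer[1] == s1_local[1]
            and s1_peer[1] == s2_local[1])

def socket_pair(check=check_relative, timeout=0.25):
    """Connect S1 to a temporary listener and accept S2, keeping only a
    connection that passes `check`; raises OSError (timeout) otherwise."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind((LOCAL_HOST, 0))      # a jail may rewrite this address
        listener.listen(1)
        listener.settimeout(timeout)
        s1 = socket.create_connection(listener.getsockname(), timeout=timeout)
        try:
            while True:
                s2, _ = listener.accept()
                if check(s1.getsockname(), s1.getpeername(),
                         s2.getsockname(), s2.getpeername()):
                    s1.settimeout(None)
                    return s1, s2
                s2.close()                  # not our own connection: drop it
        except OSError:
            s1.close()
            raise

# Constructed endpoints, in the order (S1 local, S1 peer, S2 local, S2 peer).
PLAIN = (("127.0.0.1", 50001), ("127.0.0.1", 50000),
         ("127.0.0.1", 50000), ("127.0.0.1", 50001))
JAILED = (("172.16.0.2", 50001), ("172.16.0.2", 50000),
          ("172.16.0.2", 50000), ("172.16.0.2", 50001))
STRANGER = (("172.16.0.2", 50001), ("172.16.0.2", 50000),
            ("172.16.0.2", 50000), ("172.16.0.9", 40000))
```

With the hardcoded check, the `JAILED` endpoints are rejected on every accept and `socket_pair` ends in the timeout; the relative check accepts them and still rejects `STRANGER`.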