To build an internal socket pair, www/aws listens on a socket bound to 127.0.0.1 and connects to it, returning the connected and accepted sockets after some sanity checks (and closing the listening socket). One of those sanity checks is that the address of the remote peer of the accepted socket is indeed 127.0.0.1.

However, in a jailed environment, binding to 127.0.0.1 might not be possible, and is instead silently interpreted as binding to the main IP address of the jail (e.g. 172.16.0.2). During the connection, 127.0.0.1 is reinterpreted as well, so the connection is successful. However, the sanity check fails, because the remote address is not 127.0.0.1 but 127.16.0.2.

Since this is an issue only because of a peculiarity in the FreeBSD jail environment, I don't believe this issue to be worth reporting upstream.

Attached to this PR is a patch that changes the sanity check from comparing against hardcoded "127.0.0.1" to comparing against the address associated with the connected socket, which keeps the intent of the code.

Fix: Add the attached patch as ports/www/aws/files/patch-src_core_aws-net.adb

Patch attached with submission follows:

How-To-Repeat: Start a program that uses www/aws to listen for HTTP connections (www/aws-demos provides a bunch of them), inside a jailed environment that doesn't inherit the host network interface and that doesn't have 127.0.0.1 as one of its aliases. It will fail after about 250ms (internal timeout of the socket connection described above).
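The sanity check described in the report, sketched in Python as an added example (not code from AWS or from the attached patch): `hardcoded_check` mirrors the comparison against 127.0.0.1 and `derived_check` the comparison against the connected socket's own address. The function names, the port numbers in `JAIL_SAMPLE` and the way strangers are rejected in `socket_pair` are assumptions made for illustration.

```python
import socket
import time

LOCAL_HOST = "127.0.0.1"
# Constructed sample: endpoint addresses as seen inside a jail whose only
# address is 172.16.0.2 (the report's example); port numbers are made up.
JAIL_SAMPLE = dict(
    s1_local=("172.16.0.2", 50001), s1_peer=("172.16.0.2", 40000),
    s2_local=("172.16.0.2", 40000), s2_peer=("172.16.0.2", 50001))

def hardcoded_check(s1_local, s1_peer, s2_local, s2_peer):
    """Pre-patch logic: S2's peer must be literally 127.0.0.1."""
    return (s2_peer[0] == LOCAL_HOST
            and s2_peer[1] == s1_local[1]
            and s1_peer[1] == s2_local[1])

def derived_check(s1_local, s1_peer, s2_local, s2_peer):
    """Patched logic: S2's peer must be the address S1 actually got."""
    return (s2_peer[0] == s1_local[0]
            and s2_peer[1] == s1_local[1]
            and s1_peer[1] == s2_local[1])

def socket_pair(check=derived_check, timeout=0.25):
    """Return (s1, s2) connected to each other, or raise on timeout."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s1 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        listener.bind((LOCAL_HOST, 0))   # a jail may remap this address
        listener.listen(1)
        s1.connect((LOCAL_HOST, listener.getsockname()[1]))
        deadline = time.monotonic() + timeout
        while True:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                raise TimeoutError("no accepted socket passed the check")
            listener.settimeout(remaining)
            s2, _ = listener.accept()
            if check(s1.getsockname(), s1.getpeername(),
                     s2.getsockname(), s2.getpeername()):
                return s1, s2
            s2.close()                   # someone else connected first
    except BaseException:
        s1.close()
        raise
    finally:
        listener.close()
```

With the jail sample, `hardcoded_check` rejects the genuine pair while `derived_check` accepts it and still rejects a peer whose port does not match S1.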
Responsible Changed From-To: freebsd-ports-bugs->marino Over to maintainer (via the GNATS Auto Assign Tool)
Hi Natacha,

This seems reasonable. I might disagree it's not worth reporting upstream though. There might be other environments that have the same issue, plus you've just proven that the sanity check is flawed logically. AWS is getting long in the tooth and is due for an update anyway. I'll have to check if this is still an issue in the latest version.

John
Author: marino Date: Sun Apr 13 11:41:47 2014 New Revision: 351204 URL: http://svnweb.freebsd.org/changeset/ports/351204 QAT: https://qat.redports.org/buildarchive/r351204/ Log: www/aws: Fix usage of aws in jailed environment AWS has a sanity check that assumes that binding to the standard loopback address of 127.0.0.1 is always possible, but this is not a good assumption inside a FreeBSD jail. The result is that connection is success because it adjusts the 127.0.0.1 address correctly on the fly, but the sanity check is no longer valid. The provided patch changes the sanity check to get the address rather than assuming 127.0.0.1. PR: ports/188342 submitted by: Natacha Porte Approved by: maintainer (myself) Added: head/www/aws/files/patch-src_core_aws-net.adb (contents, props changed) Modified: head/www/aws/Makefile Modified: head/www/aws/Makefile ============================================================================== --- head/www/aws/Makefile Sun Apr 13 11:40:10 2014 (r351203) +++ head/www/aws/Makefile Sun Apr 13 11:41:47 2014 (r351204) @@ -3,7 +3,7 @@ PORTNAME= aws PORTVERSION= 3.1.0.0 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= www MASTER_SITES= http://downloads.dragonlace.net/src/ @@ -13,15 +13,14 @@ COMMENT= Adacore Ada Web Server and fram LICENSE= GPLv3 GPLv3RLE LICENSE_COMB= multi -BUILD_DEPENDS= gprbuild>=20120510:${PORTSDIR}/devel/gprbuild \ +BUILD_DEPENDS= gprbuild:${PORTSDIR}/devel/gprbuild \ xmlada>=3.2:${PORTSDIR}/textproc/xmlada \ gnatpython>=20101207:${PORTSDIR}/devel/gnatpython USE_PYTHON= yes -USE_BZIP2= yes GNU_CONFIGURE= yes NO_MTREE= yes -USES= ada gmake +USES= ada gmake tar:bzip2 DOTBUILD= release ADDL_RPATH= ${LOCALBASE}/lib:${LOCALBASE}/lib/aws/native/relocatable Added: head/www/aws/files/patch-src_core_aws-net.adb ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/aws/files/patch-src_core_aws-net.adb Sun Apr 13 11:41:47 2014 (r351204) @@ -0,0 +1,10 @@ +--- src/core/aws-net.adb.orig 2014-04-03 07:44:04.691630539 +0200 ++++ src/core/aws-net.adb 2014-04-03 15:48:00.868957657 +0200 +@@ -439,7 +439,7 @@ + + -- to be shure that it is S1 and S2 connected together + +- exit when Peer_Addr (STC (S2)) = Local_Host ++ exit when Peer_Addr (STC (S2)) = Get_Addr (STC (S1)) + and then Peer_Port (STC (S2)) = Get_Port (STC (S1)) + and then Peer_Port (STC (S1)) = Get_Port (STC (S2)); _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
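Review bot: The second Makefile hunk drops the `>=20120510` version floor from the gprbuild entry in BUILD_DEPENDS and replaces USE_BZIP2=yes with tar:bzip2 in USES, but the commit log only describes the jail fix. Mention these changes in the log, or commit them separately, and state why the floor is no longer needed; without it, any gprbuild found on the build host satisfies the dependency.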
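Review bot: In the aws-net.adb hunk, the new condition `Peer_Addr (STC (S2)) = Get_Addr (STC (S1))` no longer refers to Local_Host, yet the comment above it still says only that the test makes sure S1 and S2 are connected together. Extend that comment to say the address is read from S1 because the loopback address can be remapped (as in a jail), so a later reader does not restore the constant. The two port comparisons are unchanged context, so the pairing is still checked from both ends.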
State Changed From-To: open->closed Committed. Thanks!