Bug 188342 - [PATCH] www/aws tries to bind to loopback address
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: John Marino
Reported: 2014-04-07 12:30 UTC by Natacha Porté
Modified: 2014-04-13 13:33 UTC (History)
Attachments
file.diff (462 bytes, patch)
2014-04-07 12:30 UTC, Natacha Porté

Description Natacha Porté 2014-04-07 12:30:00 UTC
To build an internal socket pair, www/aws listens on a socket bound to 127.0.0.1 and connects to it, returning the connected and accepted sockets after some sanity checks (and closing the listening socket).

One of those sanity checks is that the address of the remote peer of the accepted socket is indeed 127.0.0.1.

However, in a jailed environment, binding to 127.0.0.1 might not be possible, and is instead silently interpreted as binding to the main IP address of the jail (e.g. 172.16.0.2). During the connection, 127.0.0.1 is reinterpreted as well, so the connection is successful. However, the sanity check fails, because the remote address is not 127.0.0.1 but 127.16.0.2.

Since this is an issue only because of a peculiarity in the FreeBSD jail environment, I don't believe this issue to be worth reporting upstream.

Attached to this PR is a patch that changes the sanity check from comparing against hardcoded "127.0.0.1" to comparing against the address associated with the connected socket, which keeps the intent of the code.

Fix: Add the attached patch as ports/www/aws/files/patch-src_core_aws-net.adb

Patch attached with submission follows:
How-To-Repeat: Start a program that uses www/aws to listen for HTTP connections (www/aws-demos provides a bunch of them), inside a jailed environment that doesn't inherit the host network interface and that doesn't have 127.0.0.1 as one of its aliases.

It will fail after about 250ms (internal timeout of the socket connection described above).
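
The socket-pair construction and both versions of the sanity check described in this report, as an added example (not part of the report and not AWS's Ada code). It is written in Python; the function names and the constructed jail endpoints (172.16.0.2 with ports 40000 and 50000, plus a stray peer 172.16.0.9) are assumptions made for illustration.

```python
import socket

LOCAL_HOST = "127.0.0.1"  # the constant the original check compared against

def hardcoded_check(s1_local, s1_peer, s2_local, s2_peer):
    """Original check: S2's peer address must be the literal loopback address."""
    return (s2_peer[0] == LOCAL_HOST
            and s2_peer[1] == s1_local[1]
            and s1_peer[1] == s2_local[1])

def patched_check(s1_local, s1_peer, s2_local, s2_peer):
    """Patched check: S2's peer address must be S1's own local address."""
    return (s2_peer[0] == s1_local[0]
            and s2_peer[1] == s1_local[1]
            and s1_peer[1] == s2_local[1])

def socket_pair(check=patched_check, timeout=0.25):
    """Build a connected pair through a short-lived listener, as described above."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s1 = None
    try:
        listener.bind((LOCAL_HOST, 0))      # a jail may remap this to its own IP
        listener.listen(1)
        listener.settimeout(timeout)
        s1 = socket.create_connection(listener.getsockname(), timeout=timeout)
        while True:
            s2, _ = listener.accept()       # times out if no peer ever passes
            if check(s1.getsockname(), s1.getpeername(),
                     s2.getsockname(), s2.getpeername()):
                s1.settimeout(None)
                s2.settimeout(None)
                return s1, s2
            s2.close()                      # not our own connection: drop it
    except OSError:
        if s1 is not None:
            s1.close()
        raise
    finally:
        listener.close()

# Constructed endpoints for a jail whose only address is 172.16.0.2.
JAIL_S1_LOCAL = ("172.16.0.2", 50000)
JAIL_S2_LOCAL = ("172.16.0.2", 40000)
JAIL_OK = (JAIL_S1_LOCAL, JAIL_S2_LOCAL, JAIL_S2_LOCAL, JAIL_S1_LOCAL)
JAIL_STRAY = (JAIL_S1_LOCAL, JAIL_S2_LOCAL, JAIL_S2_LOCAL, ("172.16.0.9", 50000))
```

With `check=hardcoded_check` inside such a jail, every accepted socket is rejected and `accept` raises after the timeout, which matches the roughly 250 ms failure reported above.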
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2014-04-07 12:30:07 UTC
Responsible Changed
From-To: freebsd-ports-bugs->marino

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 freebsd.contact 2014-04-13 11:33:01 UTC
Hi Natacha,
This seems reasonable.
I might disagree it's not worth reporting upstream though.  There might
be other environments that have the same issue, plus you've just proven
that the sanity check is flawed logically.

AWS is getting long in the tooth and is due for an update anyway.  I'll
have to check if this is still an issue in the latest version.

John
Comment 3 dfilter service freebsd_committer freebsd_triage 2014-04-13 12:41:51 UTC
Author: marino
Date: Sun Apr 13 11:41:47 2014
New Revision: 351204
URL: http://svnweb.freebsd.org/changeset/ports/351204
QAT: https://qat.redports.org/buildarchive/r351204/

Log:
  www/aws: Fix usage of aws in jailed environment
  
  AWS has a sanity check that assumes that binding to the standard loopback
  address of 127.0.0.1 is always possible, but this is not a good assumption
  inside a FreeBSD jail.  The result is that the connection succeeds because
  it adjusts the 127.0.0.1 address correctly on the fly, but the sanity
  check is no longer valid.  The provided patch changes the sanity check to
  get the address rather than assuming 127.0.0.1.
  
  PR:		ports/188342
  submitted by:	Natacha Porte
  Approved by:	maintainer (myself)

Added:
  head/www/aws/files/patch-src_core_aws-net.adb   (contents, props changed)
Modified:
  head/www/aws/Makefile

Modified: head/www/aws/Makefile
==============================================================================
--- head/www/aws/Makefile	Sun Apr 13 11:40:10 2014	(r351203)
+++ head/www/aws/Makefile	Sun Apr 13 11:41:47 2014	(r351204)
@@ -3,7 +3,7 @@
 
 PORTNAME=	aws
 PORTVERSION=	3.1.0.0
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	www
 MASTER_SITES=	http://downloads.dragonlace.net/src/
 
@@ -13,15 +13,14 @@ COMMENT=	Adacore Ada Web Server and fram
 LICENSE=	GPLv3 GPLv3RLE
 LICENSE_COMB=	multi
 
-BUILD_DEPENDS=	gprbuild>=20120510:${PORTSDIR}/devel/gprbuild \
+BUILD_DEPENDS=	gprbuild:${PORTSDIR}/devel/gprbuild \
 		xmlada>=3.2:${PORTSDIR}/textproc/xmlada \
 		gnatpython>=20101207:${PORTSDIR}/devel/gnatpython
 
 USE_PYTHON=	yes
-USE_BZIP2=	yes
 GNU_CONFIGURE=	yes
 NO_MTREE=	yes
-USES=		ada gmake
+USES=		ada gmake tar:bzip2
 DOTBUILD=	release
 ADDL_RPATH=	${LOCALBASE}/lib:${LOCALBASE}/lib/aws/native/relocatable
 

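Review bot: The `BUILD_DEPENDS` line drops the `>=20120510` minimum on gprbuild, and `USE_BZIP2=yes` is folded into `USES` as `tar:bzip2`, yet the commit log describes only the jail sanity-check fix. Mention both changes in the log or commit them separately, and say why the gprbuild version floor is no longer needed, since xmlada and gnatpython on the next two lines keep theirs.
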
Added: head/www/aws/files/patch-src_core_aws-net.adb
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/aws/files/patch-src_core_aws-net.adb	Sun Apr 13 11:41:47 2014	(r351204)
@@ -0,0 +1,10 @@
+--- src/core/aws-net.adb.orig	2014-04-03 07:44:04.691630539 +0200
++++ src/core/aws-net.adb	2014-04-03 15:48:00.868957657 +0200
+@@ -439,7 +439,7 @@
+ 
+          --  to be shure that it is S1 and S2 connected together
+ 
+-         exit when Peer_Addr (STC (S2)) = Local_Host
++         exit when Peer_Addr (STC (S2)) = Get_Addr (STC (S1))
+            and then Peer_Port (STC (S2)) = Get_Port (STC (S1))
+            and then Peer_Port (STC (S1)) = Get_Port (STC (S2));
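Review bot: The replaced condition `Peer_Addr (STC (S2)) = Get_Addr (STC (S1))` removes `Local_Host` from this check with no comment explaining why, so a later reader may put the loopback constant back. Add a comment above the `exit when` stating that 127.0.0.1 can be remapped inside a jail and that the address comparison together with the two `Peer_Port`/`Get_Port` comparisons is what ties S2 to S1. A header line in the patch file noting that this is a local FreeBSD change and whether it was sent upstream would also help the next port update.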
Comment 4 John Marino freebsd_committer freebsd_triage 2014-04-13 13:33:19 UTC
State Changed
From-To: open->closed

Committed. Thanks!