Bug 188342 - [PATCH] www/aws tries to bind to loopback address
Summary: [PATCH] www/aws tries to bind to loopback address
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: John Marino
Depends on:
Reported: 2014-04-07 12:30 UTC by Natacha Porté
Modified: 2014-04-13 13:33 UTC (History)

file.diff (462 bytes, patch)
2014-04-07 12:30 UTC, Natacha Porté

Description Natacha Porté 2014-04-07 12:30:00 UTC
To build an internal socket pair, www/aws listens on a socket bound to and connected to it, returning connected and accepted sockets after some sanity checks (and closing the listening socket).

One of those sanity checks is that the address of the remote peer of the accepted socket is indeed

However in a jailed environment, binding to might not be possible, and is instead silently interpreted as binding to the main IP address of the jail (e.g. During the connection, is reinterpreted as well, so the connection is successful. However the sanity check fails, because remote address is not but

Since this is an issue only because of a peculiarity in the FreeBSD jail environment, I don't believe this issue to be worth reporting upstream.

Attached to this PR is a patch that changes the sanity check from comparing against hardcoded "" to comparing against the address associated with the connected socket, which keeps the intent of the code.

Fix: Add the attached patch as ports/www/aws/files/patch-src_core_aws-net.adb

Patch attached with submission follows:
How-To-Repeat: Start a program that uses www/aws to listen for HTTP connections (www/aws-demos provides a bunch of them), inside a jailed environment that doesn't inherit host network interface and that doesn't have as one of its aliases.

It will fail after about 250ms (internal timeout of the socket connection described above).
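
The socket-pair construction and the two forms of the sanity check described in this report, as an added Python example (not AWS's Ada code and not part of the original report). The function names, the `LOCAL_HOST` value and the `stranger` switch are assumptions made for illustration; passing `hardcoded_check` a constant that differs from the address actually in use reproduces the timeout.

```python
import socket

LOCAL_HOST = "127.0.0.1"  # assumption: stands in for the constant in the old check

def _ports_match(s1, s2):
    # Each side's peer port must be the other side's local port.
    return (s2.getpeername()[1] == s1.getsockname()[1]
            and s1.getpeername()[1] == s2.getsockname()[1])

def hardcoded_check(s1, s2, constant=LOCAL_HOST):
    # Old shape: the accepted peer's address must equal a fixed constant.
    return s2.getpeername()[0] == constant and _ports_match(s1, s2)

def pair_check(s1, s2):
    # Patched shape: the accepted peer's address must equal S1's own address.
    return s2.getpeername()[0] == s1.getsockname()[0] and _ports_match(s1, s2)

def socket_pair(check=pair_check, timeout=0.25, stranger=False):
    """Return (s1, s2, rejected); raises socket.timeout if no accepted socket passes."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    opened, rejected = [], 0
    try:
        listener.settimeout(timeout)
        listener.bind((LOCAL_HOST, 0))           # port 0: kernel picks a free port
        listener.listen(2)
        target = listener.getsockname()          # the address actually bound
        if stranger:                             # constructed: unrelated client arrives first
            opened.append(socket.create_connection(target))
        s1 = socket.create_connection(target)
        opened.append(s1)
        while True:
            s2, _ = listener.accept()            # times out if nothing ever matches
            if check(s1, s2):
                opened.remove(s1)                # hand s1 over to the caller
                return s1, s2, rejected
            s2.close()                           # not our S1: drop it and keep waiting
            rejected += 1
    finally:
        listener.close()
        for sock in opened:
            sock.close()
```
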
Comment 1 Edwin Groothuis freebsd_committer 2014-04-07 12:30:07 UTC
Responsible Changed
From-To: freebsd-ports-bugs->marino

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 freebsd.contact 2014-04-13 11:33:01 UTC
Hi Natacha,
This seems reasonable.
I might disagree it's not worth reporting upstream though.  There might
be other environments that have the same issue, plus you've just proven
that the sanity check is flawed logically.

AWS is getting long in the tooth and is due for an update anyway.  I'll
have to check if this is still an issue in the latest version.

Comment 3 dfilter service freebsd_committer 2014-04-13 12:41:51 UTC
Author: marino
Date: Sun Apr 13 11:41:47 2014
New Revision: 351204
URL: http://svnweb.freebsd.org/changeset/ports/351204
QAT: https://qat.redports.org/buildarchive/r351204/

  www/aws: Fix usage of aws in jailed environment
  AWS has a sanity check that assumes that binding to the standard loopback
  address of is always possible, but this is not a good assumption
  inside a FreeBSD jail.  The result is that the connection is successful because
  it adjusts the address correctly on the fly, but the sanity
  check is no longer valid.  The provided patch changes the sanity check to
  get the address rather than assuming
  PR:		ports/188342
  submitted by:	Natacha Porte
  Approved by:	maintainer (myself)

  head/www/aws/files/patch-src_core_aws-net.adb   (contents, props changed)

Modified: head/www/aws/Makefile
--- head/www/aws/Makefile	Sun Apr 13 11:40:10 2014	(r351203)
+++ head/www/aws/Makefile	Sun Apr 13 11:41:47 2014	(r351204)
@@ -3,7 +3,7 @@
 MASTER_SITES=	http://downloads.dragonlace.net/src/
@@ -13,15 +13,14 @@ COMMENT=	Adacore Ada Web Server and fram
-BUILD_DEPENDS=	gprbuild>=20120510:${PORTSDIR}/devel/gprbuild \
+BUILD_DEPENDS=	gprbuild:${PORTSDIR}/devel/gprbuild \
 		xmlada>=3.2:${PORTSDIR}/textproc/xmlada \
-USE_BZIP2=	yes
 NO_MTREE=	yes
-USES=		ada gmake
+USES=		ada gmake tar:bzip2
 DOTBUILD=	release
 ADDL_RPATH=	${LOCALBASE}/lib:${LOCALBASE}/lib/aws/native/relocatable
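Review bot: The `BUILD_DEPENDS` line in this hunk drops the `>=20120510` minimum version on gprbuild, while the commit message only describes the jail fix; if the floor is no longer needed the log should say so, otherwise it should stay. The `USE_BZIP2=yes` to `USES= ada gmake tar:bzip2` conversion is likewise unrelated to the PR and would be easier to track as its own commit or at least as a line in the message.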

Added: head/www/aws/files/patch-src_core_aws-net.adb
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/aws/files/patch-src_core_aws-net.adb	Sun Apr 13 11:41:47 2014	(r351204)
@@ -0,0 +1,10 @@
+--- src/core/aws-net.adb.orig	2014-04-03 07:44:04.691630539 +0200
++++ src/core/aws-net.adb	2014-04-03 15:48:00.868957657 +0200
+@@ -439,7 +439,7 @@
+          --  to be shure that it is S1 and S2 connected together
+-         exit when Peer_Addr (STC (S2)) = Local_Host
++         exit when Peer_Addr (STC (S2)) = Get_Addr (STC (S1))
+            and then Peer_Port (STC (S2)) = Get_Port (STC (S1))
+            and then Peer_Port (STC (S1)) = Get_Port (STC (S2));
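Review bot: The changed `exit when` line carries no comment saying why `Get_Addr (STC (S1))` replaces `Local_Host`, and the existing comment above it still only says the test makes sure S1 and S2 are connected together. Since the PR reports that in a jail the bind lands on the jail's main address rather than loopback, this condition is what separates S1 from any other client that reaches the listener, so a short comment to that effect would keep a later cleanup from restoring the constant. Comment 2's point about reporting upstream also applies here, so that the port does not have to carry this patch file indefinitely.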
Comment 4 John Marino freebsd_committer 2014-04-13 13:33:19 UTC
State Changed
From-To: open->closed

Committed. Thanks!