Posted to apache-bugdb@apache.org by Andrew Fullford <ak...@august.com> on 1999/05/01 03:28:19 UTC

mod_jserv/4340: socket connection to jserv should be bound to host address

>Number:         4340
>Category:       mod_jserv
>Synopsis:       socket connection to jserv should be bound to host address
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    jserv
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Fri Apr 30 18:30:00 PDT 1999
>Last-Modified:
>Originator:     akfullfo@august.com
>Organization:
apache
>Release:        Apache 1.3.6, ApacheJServ-1.0b4
>Environment:
Linux 2.2, Solaris 2.6, 7
JDK 1.1.6
>Description:
When operating on a system with multiple virtual interfaces, it is necessary
to specify a host IP address for the running jserv; otherwise all connections
are attempted against 127.0.0.1, which is typically not the correct process,
if it exists at all.  When a connection is started on an unnamed socket, the
O/S will (somewhat randomly) assign the source address for the connection from
the available virtual interfaces.  This makes it difficult to define the list
of acceptable hosts to the security.allowedAddresses property.

I realize it is possible to avoid the collision by running jserv on separate
ports for each http server instance.  However, this requires an external port
allocation mechanism.  Such allocation is already well established via the
separate virtual interfaces.
>How-To-Repeat:
Have a host with multiple virtual interfaces, run two independent Apache servers
and try to get them to communicate with their respective jservs.
>Fix:
At line 102 in jserv_ajpv11.c, add:

   ret=bind(sock,(struct sockaddr *)&addr,sizeof(struct sockaddr_in));

This will set the source address to the target address, which should be
correct for all cases I can think of as the jserv is guaranteed to be running
on the local machine.  I guess you should also test the return value :-)
>Audit-Trail:
>Unformatted:
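
The fix proposed in the report, as an added example that is not part of the original report or of ApacheJServ's code: a client socket is bound to a chosen local address before connect(), every return value is checked, and a constructed loopback listener standing in for jserv reports which peer address it actually sees. The names connect_from and peer_matches_source are hypothetical, and the source port is left at 0 so the kernel picks one.

```c
/* Added example, not ApacheJServ code; function names are hypothetical. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Connect to dst with the source address pinned to src_ip.
 * Returns the connected socket, or -1 on any failure. */
int connect_from(const char *src_ip, const struct sockaddr_in *dst)
{
    struct sockaddr_in src;
    int sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0) return -1;
    memset(&src, 0, sizeof(src));   /* sin_port stays 0: kernel picks the port */
    src.sin_family = AF_INET;
    if (inet_pton(AF_INET, src_ip, &src.sin_addr) != 1 ||
        bind(sock, (struct sockaddr *)&src, sizeof(src)) < 0 ||
        connect(sock, (const struct sockaddr *)dst, sizeof(*dst)) < 0) {
        close(sock);                /* bad or non-local source, or refused */
        return -1;
    }
    return sock;
}
/* Constructed demo: a listener on listen_ip stands in for jserv. Returns 1 if
 * the peer address it accepts equals src_ip, 0 if it differs, -1 on error. */
int peer_matches_source(const char *listen_ip, const char *src_ip)
{
    struct sockaddr_in srv, peer;
    socklen_t len = sizeof(srv);
    char seen[INET_ADDRSTRLEN] = "";
    int c = -1, a = -1, ok = -1, l = socket(AF_INET, SOCK_STREAM, 0);
    if (l < 0) return -1;
    memset(&srv, 0, sizeof(srv));   /* port 0: listener gets an ephemeral port */
    srv.sin_family = AF_INET;
    if (inet_pton(AF_INET, listen_ip, &srv.sin_addr) == 1 &&
        bind(l, (struct sockaddr *)&srv, sizeof(srv)) == 0 &&
        listen(l, 1) == 0 &&
        getsockname(l, (struct sockaddr *)&srv, &len) == 0 &&
        (c = connect_from(src_ip, &srv)) >= 0) {
        len = sizeof(peer);
        a = accept(l, (struct sockaddr *)&peer, &len);
        if (a >= 0 && inet_ntop(AF_INET, &peer.sin_addr, seen, sizeof(seen)))
            ok = strcmp(seen, src_ip) == 0;  /* what an allow-list would match */
    }
    if (a >= 0) close(a);
    if (c >= 0) close(c);
    close(l);
    return ok;
}
```

On a host with several virtual interfaces, src_ip would be the interface address listed in security.allowedAddresses; a source address that is not configured locally makes bind() fail, which is why its return value is tested.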