[jira] [Commented] (QPID-3772) Qpid broker on Windows allows multiple, simultaneous processes to listen to broker port

Wed, 08 May 2013 13:19:17 -0700 

    [ 
https://issues.apache.org/jira/browse/QPID-3772?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13652299#comment-13652299
 ] 

Andrew Stitcher commented on QPID-3772:
---------------------------------------

Tested the patch and it stops multiple versions of the broker being able to 
start using the same port:
...
2013-05-08 16:06:41 [Broker] critical Unexpected error: Can't bind to 
[::]:5672: Only one usage of each socket address (protocol/network 
address/port) is normally permitted.  
(C:\Users\andrew\Documents\GitHub\qpid\qpid\cpp\src\qpid\sys\windows\WinSocket.cpp:209)
...
Is what we now get in the second instance to start up.
                
> Qpid broker on Windows allows multiple, simultaneous processes to listen to 
> broker port
> ---------------------------------------------------------------------------------------
>
>                 Key: QPID-3772
>                 URL: https://issues.apache.org/jira/browse/QPID-3772
>             Project: Qpid
>          Issue Type: Bug
>          Components: C++ Broker
>    Affects Versions: 0.14
>         Environment: Windows broker
>            Reporter: Chuck Rolke
>            Assignee: Andrew Stitcher
>              Labels: security
>             Fix For: 0.23
>
>         Attachments: 0001-QPID-3772-Fix-Windows-socket-options.patch
>
>
> Socket code on windows allows multiple, simultaneous listening processes on 
> broker port. 
>   C:\Windows\system32>netstat -anb
>   TCP    0.0.0.0:5672           0.0.0.0:0              LISTENING
>  [qpidd2.exe]
>   TCP    0.0.0.0:5672           0.0.0.0:0              LISTENING
>  [qpidd.exe]
> This is a security issue as it allows a rogue process to hijack connections 
> directed to the broker.
> A simple first step is in Socket.cpp to change SO_REUSEADDR to 
> SO_EXCLUSIVEADDRUSE as described in
> http://msdn.microsoft.com/en-us/library/windows/desktop/cc150667%28v=vs.85%29.aspx

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to