Qpid
  1. Qpid
  2. QPID-3772

Qpid broker on Windows allows multiple, simultaneous processes to listen to broker port

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.14
    • Fix Version/s: 0.23
    • Component/s: C++ Broker
    • Labels:
    • Environment:

      Windows broker

      Description

      Socket code on windows allows multiple, simultaneous listening processes on broker port.
      C:\Windows\system32>netstat -anb

      TCP 0.0.0.0:5672 0.0.0.0:0 LISTENING
      [qpidd2.exe]
      TCP 0.0.0.0:5672 0.0.0.0:0 LISTENING
      [qpidd.exe]

      This is a security issue as it allows a rogue process to hijack connections directed to the broker.

      A simple first step is in Socket.cpp to change SO_REUSEADDR to SO_EXCLUSIVEADDRUSE as described in
      http://msdn.microsoft.com/en-us/library/windows/desktop/cc150667%28v=vs.85%29.aspx

        Activity

        Chuck Rolke created issue -
        Chuck Rolke made changes -
        Field Original Value New Value
        Fix Version/s Future [ 12315490 ]
        Andrew Stitcher made changes -
        Andrew Stitcher made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Assignee Andrew Stitcher [ astitcher ]
        Fix Version/s 0.23 [ 12324273 ]
        Fix Version/s Future [ 12315490 ]
        Resolution Fixed [ 1 ]
        Justin Ross made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            Andrew Stitcher
            Reporter:
            Chuck Rolke
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development