Uploaded image for project: 'Qpid'
  1. Qpid
  2. QPID-3772

Qpid broker on Windows allows multiple, simultaneous processes to listen to broker port

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.14
    • Fix Version/s: 0.23
    • Component/s: C++ Broker
    • Labels:
    • Environment:

      Windows broker

      Description

      Socket code on windows allows multiple, simultaneous listening processes on broker port.
      C:\Windows\system32>netstat -anb

      TCP 0.0.0.0:5672 0.0.0.0:0 LISTENING
      [qpidd2.exe]
      TCP 0.0.0.0:5672 0.0.0.0:0 LISTENING
      [qpidd.exe]

      This is a security issue as it allows a rogue process to hijack connections directed to the broker.

      A simple first step is in Socket.cpp to change SO_REUSEADDR to SO_EXCLUSIVEADDRUSE as described in
      http://msdn.microsoft.com/en-us/library/windows/desktop/cc150667%28v=vs.85%29.aspx

        Attachments

          Activity

            People

            • Assignee:
              astitcher Andrew Stitcher
              Reporter:
              chug Chuck Rolke
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: