[QPID-3772] Qpid broker on Windows allows multiple, simultaneous processes to listen to broker port - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 0.14
Fix Version/s: 0.23
Component/s: C++ Broker
Labels:
- security
Environment:

Windows broker

Description

Socket code on windows allows multiple, simultaneous listening processes on broker port.
C:\Windows\system32>netstat -anb

TCP 0.0.0.0:5672 0.0.0.0:0 LISTENING
[qpidd2.exe]
TCP 0.0.0.0:5672 0.0.0.0:0 LISTENING
[qpidd.exe]

This is a security issue as it allows a rogue process to hijack connections directed to the broker.

A simple first step is in Socket.cpp to change SO_REUSEADDR to SO_EXCLUSIVEADDRUSE as described in
http://msdn.microsoft.com/en-us/library/windows/desktop/cc150667%28v=vs.85%29.aspx

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

0001-QPID-3772-Fix-Windows-socket-options.patch
03/May/13 19:54
1 kB
Andrew Stitcher

Activity

People

Assignee:: Andrew Stitcher

Reporter:: Charles E. Rolke

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 19/Jan/12 19:01

Updated:: 08/Sep/13 13:37

Resolved:: 08/May/13 20:16