tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From craig...@locus.apache.org
Subject cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/service/connector Ajp12ConnectionHandler.java
Date Mon, 24 Apr 2000 23:06:05 GMT
craigmcc    00/04/24 16:06:05

  Modified:    src/share/org/apache/tomcat/service/connector
                        Ajp12ConnectionHandler.java
  Log:
  Disallow shutdowns of Tomcat unless the client connection was made from
  the same IP address as the server.  Otherwise, anyone who peruses the
  Tomcat source code can easily figure out how to shut it down remotely.
  
  NOTE:  The hokiness of the patch is a workaround to a bug in the IBM 1.1.8
  JVM for Linux, which returns the bytes of the InetAddress backwards on one
  of the two addresses retrieved from a Socket -- rendering the "equals"
  test that was proposed not useful.
  
  PR: 277
  Submitted by:	wjm@metronet.com
  
  Revision  Changes    Path
  1.23      +41 -1     jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Ajp12ConnectionHandler.java
  
  Index: Ajp12ConnectionHandler.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Ajp12ConnectionHandler.java,v
  retrieving revision 1.22
  retrieving revision 1.23
  diff -u -r1.22 -r1.23
  --- Ajp12ConnectionHandler.java	2000/04/17 21:02:29	1.22
  +++ Ajp12ConnectionHandler.java	2000/04/24 23:06:05	1.23
  @@ -173,6 +173,7 @@
   	    e.printStackTrace();
   	}
       }
  +
   }
   
   class AJP12RequestAdapter extends RequestImpl {
  @@ -376,8 +377,12 @@
   		    } else {
   			try {
   			    // close the socket connection before handling any signal
  +			    // but get the addresses first so they are not corrupted
  +			    InetAddress serverAddr = socket.getLocalAddress();
  +			    InetAddress clientAddr = socket.getInetAddress();
   			    sin.close();
  -			    if ( signal== 15 ) {
  +			    if ( (signal== 15) &&
  +				 isSameAddress(serverAddr, clientAddr) ) {
   				// Shutdown - probably apache was stoped with apachectl stop
   				contextM.stop();
   				// same behavior as in past, because it seems that
  @@ -446,6 +451,41 @@
   	// XXX
   	// Support persistent connection in AJP21
   	//moreRequests = false;
  +    }
  +
  +    /**
  +     * Return <code>true</code> if the specified client and server addresses
  +     * are the same.  This method works around a bug in the IBM 1.1.8 JVM on
  +     * Linux, where the address bytes are returned reversed in some
  +     * circumstances.
  +     *
  +     * @param server The server's InetAddress
  +     * @param client The client's InetAddress
  +     */
  +    private boolean isSameAddress(InetAddress server, InetAddress client) {
  +
  +	// Compare the byte array versions of the two addresses
  +	byte serverAddr[] = server.getAddress();
  +	byte clientAddr[] = client.getAddress();
  +	if (serverAddr.length != clientAddr.length)
  +	    return (false);
  +	boolean match = true;
  +	for (int i = 0; i < serverAddr.length; i++) {
  +	    if (serverAddr[i] != clientAddr[i]) {
  +		match = false;
  +		break;
  +	    }
  +	}
  +	if (match)
  +	    return (true);
  +
  +	// Compare the reversed form of the two addresses
  +	for (int i = 0; i < serverAddr.length; i++) {
  +	    if (serverAddr[i] != clientAddr[(serverAddr.length-1)-i])
  +		return (false);
  +	}
  +	return (true);
  +
       }
   
   }
  
  
  

Mime
View raw message