This repository has been archived by the owner. It is now read-only.

cluster: propagate bind errors #4134

Closed
wants to merge 2 commits into
from

Conversation

Projects
None yet
2 participants
Member

bnoordhuis commented Oct 13, 2012

This commit fixes a bug where the cluster module failed to propagate EADDRINUSE
errors.

When a worker starts a (net, http) server, it requests the listen socket from
its master who then creates and binds the socket.

Now, OS X and Windows don't always signal EADDRINUSE from bind() but instead
defer the error until a later syscall. libuv mimics this behaviour to provide
consistent behaviour across platforms but that means the worker could end up
with a socket that is not actually bound to the requested addresss.

That's why the worker now checks if the socket is bound, raising EADDRINUSE if
that's not the case.

Fixes #2721.

bnoordhuis added some commits Feb 9, 2012

test: add cluster 'bind twice' test
This test starts two clustered HTTP servers on the same port. It expects the
first cluster to succeed and the second cluster to fail with EADDRINUSE.

Reapplies commit cacd3ae, accidentally reverted in a2851b6.
cluster: propagate bind errors
This commit Fixes a bug where the cluster module failed to propagate EADDRINUSE
errors.

When a worker starts a (net, http) server, it requests the listen socket from
its master who then creates and binds the socket.

Now, OS X and Windows don't always signal EADDRINUSE from bind() but instead
defer the error until a later syscall. libuv mimics this behaviour to provide
consistent behaviour across platforms but that means the worker could end up
with a socket that is not actually bound to the requested addresss.

That's why the worker now checks if the socket is bound, raising EADDRINUSE if
that's not the case.

Fixes #2721.

cly commented Nov 21, 2012

Still seeing this issue. Would like to not have to check for opened port.. Hopefully it will get patched soon!

Member

bnoordhuis commented Nov 21, 2012

Someone ought to review it. @isaacs, @piscisaureus?

Member

bnoordhuis commented Jan 17, 2013

Working as expected now in v0.8. I've landed the test again in 08ac9fe.

@bnoordhuis bnoordhuis closed this Jan 17, 2013

richardlau pushed a commit to ibmruntimes/node that referenced this pull request Dec 8, 2015

2015-12-04, Version 4.2.3 "Argon" (LTS) Release
Security Update

Notable items:

* http: Fix a bug where an HTTP socket may no longer have a socket
  but a pipelined request triggers a pause or resume, a potential
  denial-of-service vector. (Fedor Indutny)
* openssl: Upgrade to 1.0.2e, containing fixes for:
  - CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64",
    an attack is considered feasible against a Node.js TLS server using
    DHE key exchange. Details are available at
    <http://openssl.org/news/secadv/20151203.txt>.
  - CVE-2015-3194 "Certificate verify crash with missing PSS parameter",
    a potential denial-of-service vector for Node.js TLS servers; TLS
    clients are also impacted. Details are available at
    <http://openssl.org/news/secadv/20151203.txt>.
  (Shigeki Ohtsu) #4134
* v8: Backport fixes for a bug in `JSON.stringify()` that can result
  in out-of-bounds reads for arrays. (Ben Noordhuis)

PR-URL: nodejs-private/node-private#12

richardlau pushed a commit to ibmruntimes/node that referenced this pull request Dec 9, 2015

2015-12-04, Version 5.1.1 (Stable)
Security Update

Notable items:

* **http**: Fix a bug where an HTTP socket may no longer have a socket
  but a pipelined request triggers a pause or resume, a potential
  denial-of-service vector. (Fedor Indutny)
* **openssl**: Upgrade to 1.0.2e, containing fixes for:
  - CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64",
    an attack is considered feasible against DH, an attack against RSA
    and DSA is considered possible but unlikely, EC algorithms are not
    affected. Details are available at
    <http://openssl.org/news/secadv/20151203.txt>.
  - CVE-2015-3194 "Certificate verify crash with missing PSS parameter",
    a potential denial-of-service vector for Node.js TLS servers; TLS
    clients are also impacted. Details are available at
    <http://openssl.org/news/secadv/20151203.txt>.
  (Shigeki Ohtsu) #4134
* v8: Backport fixes for a bug in `JSON.stringify()` that can result
  in out-of-bounds reads for arrays. (Ben Noordhuis)

PR-URL: nodejs-private/node-private#11
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.