Skip to content
This repository

Wrong REMOTE_ADDR/fapws.remote_addr reported #34

yangzhe1990 opened this Issue March 01, 2012 · 4 comments

2 participants

yangzhe1990 William

I find this problem on a heavily loaded web server running python-bottle 0.10.7-1 on Debian, with fapws3

At first I post a bug report at bottle: defnull/bottle#290, but then I find it's really a fapws3 bug:

I wrote the simple test script:

#!/usr/bin/env python

import fapws._evwsgi as evwsgi
from fapws import base

def start():
evwsgi.start('', '8000')

def hello(environ, start_response):
    start_response('200 OK', [('Content-Type','text/html')])
    return ['%s\n%s\n' % (environ['REMOTE_ADDR'], environ['fapws.remote_addr'])]

evwsgi.wsgi_cb(('/', hello))


if name == 'main':

Then, by frequent execution of curl, I got

~$ curl http://localhost:8000/
~$ curl http://localhost:8000/
~$ curl http://localhost:8000/
~$ curl http://localhost:8000/ & curl
[1] 26257
[1]+ DONE curl http://localhost:8000/

and sometimes

~$ curl http://localhost:8000/ & curl
[4] 26331


notice the request at port 40363:

host:,port:40363 accept_cb: cli:0x9b20770, input_header:0x9aea200
host:,port:42546 accept_cb: cli:0x9b217f8, input_header:0x9af9c38
host=,port=42546 connection_cb:cli:0x9b217f8, input_header:0x9b10fe0, input_pos:180, r:180
GET /a HTTP/1.1
User-Agent: curl/7.24.0 (i486-pc-linux-gnu) libcurl/7.23.1 OpenSSL/1.0.0e zlib/ libidn/1.23 libssh2/1.2.8 librtmp/2.3
Host: localhost:8000
Accept: /

host=,port=42546 write_cli:uri=/a,r=102,len=102,c=1
host=,port=42546 write_cli:uri=/a,r=20,len=20,c=1
host=,port=42546 close_connection:cli:0x9b217f8, input_header:0x9b10fe0***
host=,port=40363 connection_cb:cli:0x9b20770, input_header:0x9b10fe0, input_pos:181, r:181


Here it is:

cli->remote_addr=inet_ntoa (client_addr.sin_addr);

inet_ntoa use a static char[] to store the string. So that the remote_addr of each clients has the same address! And will change over time!

Please change this line to
cli->remote_addr = strdup(inet_ntoa(client_addr.sin_addr));

and free() it after the connection is closed.


This is linked to the message in the manpages. Correct ?

The inet_ntoa() function converts the Internet host address in, given in network byte order, to a string in IPv4 dotted-decimal notation. The string
is returned in a statically allocated buffer, which subsequent calls will overwrite.



William william-os4y closed this March 03, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.