1011050 – Missing port range validation for custom ports settings

Bug 1011050 - Missing port range validation for custom ports settings

Summary: Missing port range validation for custom ports settings

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss Enterprise Application Platform 6
Classification:	JBoss
Component:	Installer
Sub Component:
Version:	6.2.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	ER3
Target Release:	EAP 6.2.0
Assignee:	Francisco Canas
QA Contact:	Petr Kremensky
Docs Contact:	Russell Dickenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-09-23 14:27 UTC by Petr Kremensky
Modified:	2014-09-03 04:57 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-12-15 16:12:18 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Description Petr Kremensky 2013-09-23 14:27:42 UTC

Port validation for socket binding screens is broken again. I am able to set i (where $i > 65535) as port number. Only screen where this validation still works is Socket Binding (standalone) screen.

Affected version:
6.2.0.ER1

Comment 1 Francisco Canas 2013-09-23 20:42:10 UTC

I have added port range validation for all of the sockets that were missing it. 

One thing to note: There are several ports with default values of 0. These obviously will not pass validation. Are there better default values that could be assigned to these so that the user isn't forced to manually change them?

See this commit for details:
http://git.app.eng.bos.redhat.com/?p=jbossas-installer.git;a=commit;h=26b15938a75a3863640405a3fbbeb75a459d0088

Comment 2 Petr Kremensky 2013-09-24 06:50:52 UTC

Ports with assigned value 0 aren't used at all. 

eg. modcluster is using only multicast-port.
<socket-binding name="modcluster" port="0" multicast-address="224.0.1.105" multicast-port="23364"/>

We can either remove them completely (each port with value 0 shouldn't be configurable and should be left to 0 by default), disable them, or left them to 0 as it is now.

Comment 3 Francisco Canas 2013-09-24 14:06:27 UTC

Disabling the non-user-configurable ports in the socket panels would require an extension to izpack, and leaving them with a default value of '0' would require removing their validation which means the user would be able to set them to any arbitrary value.

So instead, I have removed them from their respective panels.

Details in the commit:
http://git.app.eng.bos.redhat.com/?p=jbossas-installer.git;a=commit;h=415b1009f17d04026fc0f6193078131de1bb1c41

Comment 4 Francisco Canas 2013-09-25 17:43:35 UTC

Changed how the post install jobs connect to server (domain does not use port offset, while standalone does). Specifying a port offset no longer leads to failure in the post-install panel.

See commit for details:
http://git.app.eng.bos.redhat.com/?p=jbossas-installer.git;a=commit;h=31f485ae564fdf6a60a1e10b127f684f8bbcf19d

NOTE:
The post-install panel currently doesn't support user-specified management ports for all of the various configurations of the standalone server (regular, ha, full). So manually changing the management port for the ha and full configurations will lead to failure in the post-install. This support will added by the next ER.

Comment 5 Francisco Canas 2013-09-25 17:48:29 UTC

Please disregard previous comment about port offsets. It was meant for https://bugzilla.redhat.com/show_bug.cgi?id=1009421.

Comment 6 Petr Kremensky 2013-09-26 10:09:56 UTC

Please move all BZs ready for verification to ON_QA once the target milestone was released, thanks. 

Verified on EAP 6.2.0.ER3

Note You need to log in before you can comment on or make changes to this bug.