Bug 1011050 - Missing port range validation for custom ports settings
Missing port range validation for custom ports settings
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Installer (Show other bugs)
Unspecified Unspecified
unspecified Severity medium
: ER3
: EAP 6.2.0
Assigned To: Francisco Canas
Petr Kremensky
Russell Dickenson
: Regression
Depends On:
  Show dependency treegraph
Reported: 2013-09-23 10:27 EDT by Petr Kremensky
Modified: 2014-09-03 00:57 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-12-15 11:12:18 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Petr Kremensky 2013-09-23 10:27:42 EDT
Port validation for socket binding screens is broken again. I am able to set i (where $i > 65535) as port number. Only screen where this validation still works is Socket Binding (standalone) screen.

Affected version:
Comment 1 Francisco Canas 2013-09-23 16:42:10 EDT
I have added port range validation for all of the sockets that were missing it. 

One thing to note: There are several ports with default values of 0. These obviously will not pass validation. Are there better default values that could be assigned to these so that the user isn't forced to manually change them?

See this commit for details:
Comment 2 Petr Kremensky 2013-09-24 02:50:52 EDT
Ports with assigned value 0 aren't used at all. 

eg. modcluster is using only multicast-port.
<socket-binding name="modcluster" port="0" multicast-address="" multicast-port="23364"/>

We can either remove them completely (each port with value 0 shouldn't be configurable and should be left to 0 by default), disable them, or left them to 0 as it is now.
Comment 3 Francisco Canas 2013-09-24 10:06:27 EDT
Disabling the non-user-configurable ports in the socket panels would require an extension to izpack, and leaving them with a default value of '0' would require removing their validation which means the user would be able to set them to any arbitrary value.

So instead, I have removed them from their respective panels.

Details in the commit:
Comment 4 Francisco Canas 2013-09-25 13:43:35 EDT
Changed how the post install jobs connect to server (domain does not use port offset, while standalone does). Specifying a port offset no longer leads to failure in the post-install panel.

See commit for details:

The post-install panel currently doesn't support user-specified management ports for all of the various configurations of the standalone server (regular, ha, full). So manually changing the management port for the ha and full configurations will lead to failure in the post-install. This support will added by the next ER.
Comment 5 Francisco Canas 2013-09-25 13:48:29 EDT
Please disregard previous comment about port offsets. It was meant for https://bugzilla.redhat.com/show_bug.cgi?id=1009421.
Comment 6 Petr Kremensky 2013-09-26 06:09:56 EDT
Please move all BZs ready for verification to ON_QA once the target milestone was released, thanks. 

Verified on EAP 6.2.0.ER3

Note You need to log in before you can comment on or make changes to this bug.