NetBSD Problem Report #59644

From www@netbsd.org  Tue Sep  9 00:05:23 2025
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id CD7FA1A923C
	for <gnats-bugs@gnats.NetBSD.org>; Tue,  9 Sep 2025 00:05:23 +0000 (UTC)
Message-Id: <20250909000522.225C81A923D@mollari.NetBSD.org>
Date: Tue,  9 Sep 2025 00:05:22 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: bozohttpd logs wrong port number under inetd with tls
X-Send-Pr-Version: www-1.0

>Number:         59644
>Category:       bin
>Synopsis:       bozohttpd logs wrong port number under inetd with tls
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    mrg
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Sep 09 00:10:00 +0000 2025
>Last-Modified:  Tue Sep 09 00:18:40 +0000 2025
>Originator:     Taylor R Campbell
>Release:        current, 11, 10, 9, ...
>Organization:
The NetBozo Foundaport
>Environment:
>Description:
Sep  9 00:01:33 morden httpd[28064]: got request ``GET /pub/pkgsrc/current/pkgsrc/x11/xpmicons/index.html HTTP/1.1'' from host 157.52.96.54 to port 443

This was almost certainly actually sent over port 4433.

But:

    370 	if (!httpd->bindport)
    371 		httpd->bindport = bozostrdup(httpd, NULL, BOZO_HTTPS_PORT);

https://nxr.netbsd.org/xref/src/libexec/httpd/ssl-bozo.c?r=1.34#370

    672 	port = NULL;
    673 	if (httpd->bindport) {
    674 		if (strcmp(httpd->bindport, BOZO_HTTP_PORT) != 0)
    675 			port = httpd->bindport;
    676 	} else if (getsockname(0, (struct sockaddr *)(void *)&ss, &slen) == 0 &&
    677 		   getnameinfo((struct sockaddr *)(void *)&ss, slen, NULL, 0,
    678 			       bufport, sizeof bufport, NI_NUMERICSERV) == 0)
    679 		port = bufport;
    680 	if (port != NULL)
    681 		request->hr_serverport = bozostrdup(httpd, request, port);
...
    740 			bozowarn(httpd,
    741 				  "got request ``%s'' from host %s to port %s",
    742 				  str,
    743 				  host ? host : addr ? addr : "<local>",
    744 				  port ? port : "<stdin>");

https://nxr.netbsd.org/xref/src/libexec/httpd/bozohttpd.c?r=1.149#672

Under inetd, bindport never gets set for actual binding, but ssl-bozo.c sets bindport=443 (BOZO_HTTPS_PORT), so this bypasses the getpeername branch.
>How-To-Repeat:
run httpd with tls under inetd
>Fix:
Yes, please!

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: bin-bug-people->mrg
Responsible-Changed-By: riastradh@NetBSD.org
Responsible-Changed-When: Tue, 09 Sep 2025 00:18:40 +0000
Responsible-Changed-Why:
bozomeister


>Unformatted:

Home	PR Database Search