On 05/02/2020 13:03, Michael Osipov wrote:
> Am 2020-02-05 um 13:30 schrieb [email protected]:
>> This is an automated email from the ASF dual-hosted git repository.
>>
>> markt pushed a commit to branch 7.0.x
>> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>>
>>
>> The following commit(s) were added to refs/heads/7.0.x by this push:
>> new 0d633e7 Change the default bind address for AJP to the
>> loopback address
>> 0d633e7 is described below
>>
>> commit 0d633e72ebc7b3c242d0081c23bba5e4dacd9b72
>> Author: Mark Thomas <[email protected]>
>> AuthorDate: Tue Jan 21 13:02:13 2020 +0000
>>
>> Change the default bind address for AJP to the loopback address
<snip/>
>> + public InetAddress getLoopbackAddress() {
>> + // Javadoc for getByName() states that calling with null will
>> return one
>> + // of the loopback addresses
>> + InetAddress result = null;
>> + try {
>> + result = InetAddress.getByName(null);
>> + } catch (UnknownHostException e) {
>> + // This would be unusual but ignore it in this case.
>> + }
>> + if (result == null) {
>> + // Fallback to default IPv4 loopback address.
>> + // Not perfect but good enough and if the address is not
>> valid the
>> + // bind will fail later with an appropriate error message
>> + try {
>> + result = InetAddress.getByName("127.0.0.1");
>
> This is wrong. localhost is not always 127.0.0.1. I have hosts where lo1
> is cloned with 127.0.0/29 and not local IPs are passed into Jails.
The code was designed with that in mind.
As the comments state, it isn't perfect but it is a fall-back for a
state that should happen rarely / not at all.
It is preferrable to use "127.0.0.1" and have the Connector fail than
the other options which are:
- fail immediately as that would prevent the user specifying an
alternative value for address; or
- have the Connector come up listening on all addresses.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
