The Samba-Bugzilla – Attachment 12230 Details for
Bug 11988
sockets with htons(IPPROTO_RAW) and CVE-2015-8543
[patch]
Patches for 1.0.114(.9)
ctdb-1.0.114-bug-11988-01.patches.txt (text/plain), 8.80 KB, created by
Stefan Metzmacher
on 2016-06-28 15:01:22 UTC
Description:
Patches for 1.0.114(.9)
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2016-06-28 15:01:22 UTC
Size:
8.80 KB
>From cec4122ecd072cab7a49fb33c662f78d764a6056 Mon Sep 17 00:00:00 2001
>From: Amitay Isaacs <amitay@gmail.com>
>Date: Fri, 29 Jan 2016 00:05:26 +1100
>Subject: [PATCH 1/3] ctdb-common: Protocol argument must be in host order for
> socket() call
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=11705
>
>Signed-off-by: Amitay Isaacs <amitay@gmail.com>
>Reviewed-by: Volker Lendecke <vl@samba.org>
>(cherry picked from commit 9f8395cb7d49b63a82f75bf504f5f83920102b29)
>---
> common/system_aix.c | 4 ++--
> common/system_common.c | 2 +-
> common/system_linux.c | 8 ++++----
> 3 files changed, 7 insertions(+), 7 deletions(-)
>
>diff --git a/common/system_aix.c b/common/system_aix.c
>index 1404a82..abc2627 100644
>--- a/common/system_aix.c
>+++ b/common/system_aix.c
>@@ -44,7 +44,7 @@ int ctdb_sys_open_sending_socket(void)
> int s, ret;
> uint32_t one = 1;
>
>- s = socket(AF_INET, SOCK_RAW, htons(IPPROTO_RAW));
>+ s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
> if (s == -1) {
> DEBUG(DEBUG_CRIT,(" failed to open raw socket (%s)\n",
> strerror(errno)));
>@@ -121,7 +121,7 @@ int ctdb_sys_send_tcp(const ctdb_sock_addr *dest,
>
>
>
>- s = socket(AF_INET, SOCK_RAW, htons(IPPROTO_RAW));
>+ s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
> if (s == -1) {
> DEBUG(DEBUG_CRIT,(" failed to open raw socket (%s)\n",
> strerror(errno)));
>diff --git a/common/system_common.c b/common/system_common.c
>index 78eeb82..9c0f618 100644
>--- a/common/system_common.c
>+++ b/common/system_common.c
>@@ -80,7 +80,7 @@ char *ctdb_sys_find_ifname(ctdb_sock_addr *addr)
> struct ifconf ifc;
> char *ptr;
>
>- s = socket(AF_INET, SOCK_RAW, htons(IPPROTO_RAW));
>+ s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
> if (s == -1) {
> DEBUG(DEBUG_CRIT,(__location__ " failed to open raw socket (%s)\n",
> strerror(errno)));
>diff --git a/common/system_linux.c b/common/system_linux.c
>index 102a348..8473572 100644
>--- a/common/system_linux.c
>+++ b/common/system_linux.c
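Review bot: `ctdb_sys_find_ifname` (common/system_common.c, hunk at -80) still opens a `SOCK_RAW` socket, which needs raw-socket privilege, although the `struct ifconf ifc` declared just above suggests the descriptor is only used for an interface-list ioctl. If that is the case (the function body continues outside the hunk, so this needs confirming), an ordinary datagram socket would do and would remove one privileged socket from the daemon: `s = socket(AF_INET, SOCK_DGRAM, 0);`. The `failed to open raw socket` message would then need the matching wording change.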
>@@ -86,7 +86,7 @@ int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface)
>
> switch (addr->ip.sin_family) {
> case AF_INET:
>- s = socket(PF_PACKET, SOCK_RAW, htons(ETHERTYPE_ARP));
>+ s = socket(PF_PACKET, SOCK_RAW, ETHERTYPE_ARP);
> if (s == -1){
> DEBUG(DEBUG_CRIT,(__location__ " failed to open raw socket\n"));
> return -1;
>@@ -180,7 +180,7 @@ int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface)
> close(s);
> break;
> case AF_INET6:
>- s = socket(PF_PACKET, SOCK_RAW, htons(ETHERTYPE_ARP));
>+ s = socket(PF_PACKET, SOCK_RAW, ETHERTYPE_ARP);
> if (s == -1){
> DEBUG(DEBUG_CRIT,(__location__ " failed to open raw socket\n"));
> return -1;
>@@ -336,7 +336,7 @@ int ctdb_sys_send_tcp(const ctdb_sock_addr *dest,
> ip4pkt.tcp.check = tcp_checksum((uint16_t *)&ip4pkt.tcp, sizeof(ip4pkt.tcp), &ip4pkt.ip);
>
> /* open a raw socket to send this segment from */
>- s = socket(AF_INET, SOCK_RAW, htons(IPPROTO_RAW));
>+ s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
> if (s == -1) {
> DEBUG(DEBUG_CRIT,(__location__ " failed to open raw socket (%s)\n",
> strerror(errno)));
>@@ -422,7 +422,7 @@ int ctdb_sys_open_capture_socket(const char *iface, void **private_data)
> int s;
>
> /* Open a socket to capture all traffic */
>- s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
>+ s = socket(AF_PACKET, SOCK_RAW, ETH_P_ALL);
> if (s == -1) {
> DEBUG(DEBUG_CRIT,(__location__ " failed to open raw socket\n"));
> return -1;
>--
>1.9.1
>
>
>From 975c734eba622ccc804803db1f06479a99b0edf8 Mon Sep 17 00:00:00 2001
>From: Amitay Isaacs <amitay@gmail.com>
>Date: Fri, 29 Jan 2016 00:06:18 +1100
>Subject: [PATCH 2/3] ctdb-common: Use documented names for protocol family in
> socket()
>
>Instead of using PF_*, use AF_*.
>
>https://bugzilla.samba.org/show_bug.cgi?id=11705
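Review bot: The `htons()` removal is right only for the `AF_INET` call in `ctdb_sys_send_tcp` (hunk at -336); the packet-socket calls at -86, -180 and -422 take an IEEE 802.3 protocol number in network byte order, so dropping `htons()` there changes which frames the socket selects. The one that matters most is `ctdb_sys_open_capture_socket`: with `ETH_P_ALL` passed in host order, a little-endian host would presumably no longer capture all traffic, so that line should stay `s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));`. PATCH 3/3 in this attachment restores it, so anyone backporting should not apply 1/3 without 3/3. All four functions continue outside their hunks.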
>
>Signed-off-by: Amitay Isaacs <amitay@gmail.com>
>Reviewed-by: Volker Lendecke <vl@samba.org>
>(cherry picked from commit 9f94620a308a3b17c1886c2c4807b34b8d5edacb)
>---
> common/system_linux.c | 8 ++++----
> utils/smnotify/smnotify.c | 6 +++---
> 2 files changed, 7 insertions(+), 7 deletions(-)
>
>diff --git a/common/system_linux.c b/common/system_linux.c
>index 8473572..197a46b 100644
>--- a/common/system_linux.c
>+++ b/common/system_linux.c
>@@ -86,7 +86,7 @@ int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface)
>
> switch (addr->ip.sin_family) {
> case AF_INET:
>- s = socket(PF_PACKET, SOCK_RAW, ETHERTYPE_ARP);
>+ s = socket(AF_PACKET, SOCK_RAW, ETHERTYPE_ARP);
> if (s == -1){
> DEBUG(DEBUG_CRIT,(__location__ " failed to open raw socket\n"));
> return -1;
>@@ -180,7 +180,7 @@ int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface)
> close(s);
> break;
> case AF_INET6:
>- s = socket(PF_PACKET, SOCK_RAW, ETHERTYPE_ARP);
>+ s = socket(AF_PACKET, SOCK_RAW, ETHERTYPE_ARP);
> if (s == -1){
> DEBUG(DEBUG_CRIT,(__location__ " failed to open raw socket\n"));
> return -1;
>@@ -383,7 +383,7 @@ int ctdb_sys_send_tcp(const ctdb_sock_addr *dest,
> ip6pkt.tcp.window = htons(1234);
> ip6pkt.tcp.check = tcp_checksum6((uint16_t *)&ip6pkt.tcp, sizeof(ip6pkt.tcp), &ip6pkt.ip6);
>
>- s = socket(PF_INET6, SOCK_RAW, IPPROTO_RAW);
>+ s = socket(AF_INET6, SOCK_RAW, IPPROTO_RAW);
> if (s == -1) {
> DEBUG(DEBUG_CRIT, (__location__ " Failed to open sending socket\n"));
> return -1;
>@@ -543,7 +543,7 @@ bool ctdb_sys_check_iface_exists(const char *iface)
> int s;
> struct ifreq ifr;
>
>- s = socket(PF_PACKET, SOCK_RAW, 0);
>+ s = socket(AF_PACKET, SOCK_RAW, 0);
> if (s == -1){
> /* We dont know if the interface exists, so assume yes */
> DEBUG(DEBUG_CRIT,(__location__ " failed to open raw socket\n"));
>diff --git a/utils/smnotify/smnotify.c b/utils/smnotify/smnotify.c
>index d7fd546..d5c5a4c 100644
>--- a/utils/smnotify/smnotify.c
>+++ b/utils/smnotify/smnotify.c
>@@ -43,14 +43,14 @@ static int create_socket(const char *addr, int port)
> int s;
> struct sockaddr_in sock_in;
>
>- s = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
>+ s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
> if (s == -1) {
> printf("Failed to open local socket\n");
> exit(10);
> }
>
> bzero(&sock_in, sizeof(sock_in));
>- sock_in.sin_family = PF_INET;
>+ sock_in.sin_family = AF_INET;
> sock_in.sin_port = htons(port);
> inet_aton(addr, &sock_in.sin_addr);
> if (bind(s, (struct sockaddr *)&sock_in, sizeof(sock_in)) == -1) {
>@@ -124,7 +124,7 @@ int main(int argc, const char *argv[])
>
> /* Setup a sockaddr_in for the client we want to notify */
> bzero(&sock_cl, sizeof(sock_cl));
>- sock_cl.sin_family = PF_INET;
>+ sock_cl.sin_family = AF_INET;
> sock_cl.sin_port = htons(clientport);
> inet_aton(client, &sock_cl.sin_addr);
>
>--
>1.9.1
>
>
>From 7ed96e76376afd883e8f7dd9e11ceb11106cb2d1 Mon Sep 17 00:00:00 2001
>From: Amitay Isaacs <amitay@gmail.com>
>Date: Thu, 3 Mar 2016 14:17:40 +1100
>Subject: [PATCH 3/3] ctdb-common: For AF_PACKET socket types, protocol is in
> network order
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=11770
>
>From man page of packet(7):
>
> protocol is the IEEE 802.3
> protocol number in network byte order. See the <linux/if_ether.h>
> include file for a list of allowed protocols. When protocol is set to
> htons(ETH_P_ALL), then all protocols are received.
>
>Protocol argument was changed from network order to host order wrongly
>in commit 9f8395cb7d49b63a82f75bf504f5f83920102b29.
>
>Specifying "protocol" field to socket(AF_PACKET, ...) call only affects
>the packets that are recevied. So use protocol = 0 when sending raw
>packets.
>
>Signed-off-by: Amitay Isaacs <amitay@gmail.com>
>Reviewed-by: Martin Schwenke <martin@meltin.net>
>
>Autobuild-User(master): Martin Schwenke <martins@samba.org>
>Autobuild-Date(master): Fri Mar 4 12:58:50 CET 2016 on sn-devel-144
>
>(cherry picked from commit f5b6a5b13406c245ab9cc8c1699483af9eb21f88)
>---
> common/system_linux.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
>diff --git a/common/system_linux.c b/common/system_linux.c
>index 197a46b..4945bf1 100644
>--- a/common/system_linux.c
>+++ b/common/system_linux.c
>@@ -86,7 +86,7 @@ int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface)
>
> switch (addr->ip.sin_family) {
> case AF_INET:
>- s = socket(AF_PACKET, SOCK_RAW, ETHERTYPE_ARP);
>+ s = socket(AF_PACKET, SOCK_RAW, 0);
> if (s == -1){
> DEBUG(DEBUG_CRIT,(__location__ " failed to open raw socket\n"));
> return -1;
>@@ -180,7 +180,7 @@ int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface)
> close(s);
> break;
> case AF_INET6:
>- s = socket(AF_PACKET, SOCK_RAW, ETHERTYPE_ARP);
>+ s = socket(AF_PACKET, SOCK_RAW, 0);
> if (s == -1){
> DEBUG(DEBUG_CRIT,(__location__ " failed to open raw socket\n"));
> return -1;
>@@ -422,7 +422,7 @@ int ctdb_sys_open_capture_socket(const char *iface, void **private_data)
> int s;
>
> /* Open a socket to capture all traffic */
>- s = socket(AF_PACKET, SOCK_RAW, ETH_P_ALL);
>+ s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
> if (s == -1) {
> DEBUG(DEBUG_CRIT,(__location__ " failed to open raw socket\n"));
> return -1;
>--
>1.9.1
>
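Review bot: The two `socket(AF_PACKET, SOCK_RAW, 0)` calls in `ctdb_sys_send_arp` (hunks at -86 and -180) have no comment saying why the protocol is 0, and the `htons(ETH_P_ALL)` call at -422 has none saying why this one call keeps `htons()` while the `AF_INET` sockets do not. The commit message explains both, but the code does not, and the byte-order rule was already misapplied once in this series. I would add `/* send-only socket: the AF_PACKET protocol only selects received frames, so use 0 */` above each send call and extend the capture comment to `/* Open a socket to capture all traffic; AF_PACKET takes the protocol in network byte order, see packet(7) */`. All three functions continue outside their hunks.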