11705 – sockets with htons(IPPROTO_RAW) and CVE-2015-8543

Bug 11705 - sockets with htons(IPPROTO_RAW) and CVE-2015-8543

Summary: sockets with htons(IPPROTO_RAW) and CVE-2015-8543

Status:	RESOLVED FIXED

Alias:	None

Product:	CTDB 2.5.x or older
Classification:	Unclassified
Component:	ctdb (show other bugs)
Version:	2.5.5
Hardware:	All Linux

Importance:	P5 major
Target Milestone:	---
Assignee:	Karolin Seeger
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:	11988
	Show dependency tree / graph

Reported:	2016-02-01 16:10 UTC by Adi Kriegisch
Modified:	2021-01-30 09:32 UTC (History)
CC List:	5 users (show)

See Also:

Attachments
Patches for v4-4 branch (11.03 KB, patch) 2016-02-02 11:38 UTC, Amitay Isaacs	vl: review+	Details
Patches for v4-3 branch (11.02 KB, patch) 2016-02-02 11:39 UTC, Amitay Isaacs	vl: review+	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Adi Kriegisch 2016-02-01 16:10:51 UTC

as described on the mailinglist:
A recent kernel security update[1] caused some issues with our ctdb
cluster; messages like:
  | We are still serving a public IP 'x.x.x.x' that we should not be serving. Removing it
  | common/system_common.c:89 failed to open raw socket (Invalid argument)
  | Could not find which interface the ip address is hosted on. can not release it
and 
  | common/system_linux.c:344 failed to open raw socket (Invalid argument)

The corresponding parts in ctdb's code look like this:
  | s = socket(AF_INET, SOCK_RAW, htons(IPPROTO_RAW));
converting IPPROTO_RAW to 0xff00 (from strace):
  | socket(PF_INET, SOCK_RAW, 0xff00 /* IPPROTO_??? */) = -1 EINVAL (Invalid argument)

Removing htons() from both calls seems to fix the issue for us. To have the original behavior, one could use IPPROTO_IP which is 0.

[1] https://security-tracker.debian.org/tracker/CVE-2015-8543

Comment 1 Amitay Isaacs 2016-02-02 11:38:21 UTC

Created attachment 11802 [details]
Patches for v4-4 branch

Comment 2 Amitay Isaacs 2016-02-02 11:39:05 UTC

Created attachment 11803 [details]
Patches for v4-3 branch

Comment 3 Amitay Isaacs 2016-02-02 12:18:20 UTC

Hi Karolin,

This one is for 4.3 and 4.4 branches.

Comment 4 Mathieu Parent 2016-02-03 21:04:05 UTC

For reference, the ML discussion is at https://lists.samba.org/archive/samba/2016-January/197434.html,

Commits on master are:
https://git.samba.org/?p=samba.git;a=commitdiff;h=9f8395cb7d49b63a82f75bf504f5f83920102b29
https://git.samba.org/?p=samba.git;a=commitdiff;h=9f94620a308a3b17c1886c2c4807b34b8d5edacb

(And also, Debian bug: https://bugs.debian.org/813406)

Comment 5 Karolin Seeger 2016-02-04 08:04:20 UTC

(In reply to Amitay Isaacs from comment #3)
Pushed to autobuild-v4-[3|4]-test.

Comment 6 Karolin Seeger 2016-02-05 09:00:11 UTC

(In reply to Karolin Seeger from comment #5)
Pushed to both branches.
Closing out bug report.

Thanks!