Bug 11705 - sockets with htons(IPPROTO_RAW) and CVE-2015-8543
Summary: sockets with htons(IPPROTO_RAW) and CVE-2015-8543
Alias: None
Product: CTDB 2.5.x or older
Classification: Unclassified
Component: ctdb (show other bugs)
Version: 2.5.5
Hardware: All Linux
: P5 major
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Depends on:
Blocks: 11988
  Show dependency treegraph
Reported: 2016-02-01 16:10 UTC by Adi Kriegisch
Modified: 2021-01-30 09:32 UTC (History)
5 users (show)

See Also:

Patches for v4-4 branch (11.03 KB, patch)
2016-02-02 11:38 UTC, Amitay Isaacs
vl: review+
Patches for v4-3 branch (11.02 KB, patch)
2016-02-02 11:39 UTC, Amitay Isaacs
vl: review+

Note You need to log in before you can comment on or make changes to this bug.
Description Adi Kriegisch 2016-02-01 16:10:51 UTC
as described on the mailinglist:
A recent kernel security update[1] caused some issues with our ctdb
cluster; messages like:
  | We are still serving a public IP 'x.x.x.x' that we should not be serving. Removing it
  | common/system_common.c:89 failed to open raw socket (Invalid argument)
  | Could not find which interface the ip address is hosted on. can not release it
  | common/system_linux.c:344 failed to open raw socket (Invalid argument)

The corresponding parts in ctdb's code look like this:
  | s = socket(AF_INET, SOCK_RAW, htons(IPPROTO_RAW));
converting IPPROTO_RAW to 0xff00 (from strace):
  | socket(PF_INET, SOCK_RAW, 0xff00 /* IPPROTO_??? */) = -1 EINVAL (Invalid argument)

Removing htons() from both calls seems to fix the issue for us. To have the original behavior, one could use IPPROTO_IP which is 0.

[1] https://security-tracker.debian.org/tracker/CVE-2015-8543
Comment 1 Amitay Isaacs 2016-02-02 11:38:21 UTC
Created attachment 11802 [details]
Patches for v4-4 branch
Comment 2 Amitay Isaacs 2016-02-02 11:39:05 UTC
Created attachment 11803 [details]
Patches for v4-3 branch
Comment 3 Amitay Isaacs 2016-02-02 12:18:20 UTC
Hi Karolin,

This one is for 4.3 and 4.4 branches.
Comment 5 Karolin Seeger 2016-02-04 08:04:20 UTC
(In reply to Amitay Isaacs from comment #3)
Pushed to autobuild-v4-[3|4]-test.
Comment 6 Karolin Seeger 2016-02-05 09:00:11 UTC
(In reply to Karolin Seeger from comment #5)
Pushed to both branches.
Closing out bug report.