Bug 11705 - sockets with htons(IPPROTO_RAW) and CVE-2015-8543
sockets with htons(IPPROTO_RAW) and CVE-2015-8543
Status: RESOLVED FIXED
Product: CTDB 2.5.x or older
Classification: Unclassified
Component: ctdb
2.5.5
All Linux
: P5 major
: ---
Assigned To: Karolin Seeger
Samba QA Contact
:
Depends on:
Blocks: 11988
  Show dependency treegraph
 
Reported: 2016-02-01 16:10 UTC by Adi Kriegisch
Modified: 2016-06-27 15:02 UTC (History)
5 users (show)

See Also:


Attachments
Patches for v4-4 branch (11.03 KB, patch)
2016-02-02 11:38 UTC, Amitay Isaacs
vl: review+
amitay: review? (martins)
Details
Patches for v4-3 branch (11.02 KB, patch)
2016-02-02 11:39 UTC, Amitay Isaacs
vl: review+
amitay: review? (martins)
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Adi Kriegisch 2016-02-01 16:10:51 UTC
as described on the mailinglist:
A recent kernel security update[1] caused some issues with our ctdb
cluster; messages like:
  | We are still serving a public IP 'x.x.x.x' that we should not be serving. Removing it
  | common/system_common.c:89 failed to open raw socket (Invalid argument)
  | Could not find which interface the ip address is hosted on. can not release it
and 
  | common/system_linux.c:344 failed to open raw socket (Invalid argument)

The corresponding parts in ctdb's code look like this:
  | s = socket(AF_INET, SOCK_RAW, htons(IPPROTO_RAW));
converting IPPROTO_RAW to 0xff00 (from strace):
  | socket(PF_INET, SOCK_RAW, 0xff00 /* IPPROTO_??? */) = -1 EINVAL (Invalid argument)

Removing htons() from both calls seems to fix the issue for us. To have the original behavior, one could use IPPROTO_IP which is 0.

[1] https://security-tracker.debian.org/tracker/CVE-2015-8543
Comment 1 Amitay Isaacs 2016-02-02 11:38:21 UTC
Created attachment 11802 [details]
Patches for v4-4 branch
Comment 2 Amitay Isaacs 2016-02-02 11:39:05 UTC
Created attachment 11803 [details]
Patches for v4-3 branch
Comment 3 Amitay Isaacs 2016-02-02 12:18:20 UTC
Hi Karolin,

This one is for 4.3 and 4.4 branches.
Comment 5 Karolin Seeger 2016-02-04 08:04:20 UTC
(In reply to Amitay Isaacs from comment #3)
Pushed to autobuild-v4-[3|4]-test.
Comment 6 Karolin Seeger 2016-02-05 09:00:11 UTC
(In reply to Karolin Seeger from comment #5)
Pushed to both branches.
Closing out bug report.

Thanks!