samba - Feb 2016 - ctdb, raw sockets and CVE-2015-8543

Hi!

A recent kernel security update[1] caused some issues with our ctdb
cluster; messages like:
  | We are still serving a public IP 'x.x.x.x' that we should not be
serving. Removing it
  | common/system_common.c:89 failed to open raw socket (Invalid argument)
  | Could not find which interface the ip address is hosted on. can not release
it
and 
  | common/system_linux.c:344 failed to open raw socket (Invalid argument)

The corresponding parts in ctdb's code look like this:
  | s = socket(AF_INET, SOCK_RAW, htons(IPPROTO_RAW));
converting IPPROTO_RAW to 0xff00 (from strace):
  | socket(PF_INET, SOCK_RAW, 0xff00 /* IPPROTO_??? */) = -1 EINVAL (Invalid
argument)

Removing htons() from both calls seems to fix the issue for us. Is it
possible that the call to htons is just wrong and should be removed?

-- Adi

[1] https://security-tracker.debian.org/tracker/CVE-2015-8543

Hi,

On Wed, Jan 27, 2016 at 9:51 PM, Adi Kriegisch <adi at cg.tuwien.ac.at>
wrote:
> Hi!
>
> A recent kernel security update[1] caused some issues with our ctdb
> cluster; messages like:
>   | We are still serving a public IP 'x.x.x.x' that we should not
be
> serving. Removing it
>   | common/system_common.c:89 failed to open raw socket (Invalid argument)
>   | Could not find which interface the ip address is hosted on. can not
> release it
> and
>   | common/system_linux.c:344 failed to open raw socket (Invalid argument)
>
> The corresponding parts in ctdb's code look like this:
>   | s = socket(AF_INET, SOCK_RAW, htons(IPPROTO_RAW));
> converting IPPROTO_RAW to 0xff00 (from strace):
>   | socket(PF_INET, SOCK_RAW, 0xff00 /* IPPROTO_??? */) = -1 EINVAL
> (Invalid argument)
>
> Removing htons() from both calls seems to fix the issue for us. Is it
> possible that the call to htons is just wrong and should be removed?
>
> -- Adi
>
> [1] https://security-tracker.debian.org/tracker/CVE-2015-8543
>
Thanks for reporting the issue.  Yes, htons() in socket() call is wrong and
should be removed.

Can you create a bug report on bugzilla.samba.org against CTDB?

Thanks.
Amitay.

Hi!
>      Removing htons() from both calls seems to fix the issue for us. Is it
>      possible that the call to htons is just wrong and should be removed?
[...] 
>    Thanks for reporting the issue.  Yes, htons() in socket() call is wrong
>    and should be removed.
> 
>    Can you create a bug report on [3]bugzilla.samba.org against CTDB?
Done. See https://bugzilla.samba.org/show_bug.cgi?id=11705

Thanks,
    Adi