Package: ctdb
Severity: grave
Tags: patch,upstream

Hi!

The kernel upgrade for CVE-2015-8543 showed a bug in CTDB that leads to a
broken cluster:
  | s = socket(AF_INET, SOCK_RAW, htons(IPPROTO_RAW));
htons(IPPROTO_RAW) leads to 0xff00 which causes "-1 EINVAL (Invalid
argument)" because of CVE-2015-8543.
The fix for the issue is quite simple: remove IPPROTO_RAW; to make the fix
more consistent with what was used before, use IPPROTO_IP (which is 0).

Error messages related to this bug are:
  | We are still serving a public IP 'x.x.x.x' that we should not be serving. Removing it
  | common/system_common.c:89 failed to open raw socket (Invalid argument)
  | Could not find which interface the ip address is hosted on. can not release it
and 
  | common/system_linux.c:344 failed to open raw socket (Invalid argument)
As a result, IP addresses cannot be released and multiple nodes in the
cluster serve the same address, which obviously does not work.

Upstream bug: https://bugzilla.samba.org/show_bug.cgi?id=11705 and mailing
list conversation: 
https://lists.samba.org/archive/samba/2016-January/197389.html

-- Adi
--- a/common/system_common.c    2016-01-19 15:20:37.437683526 +0100
+++ b/common/system_common.c    2016-01-19 15:20:50.417683526 +0100
@@ -83,7 +83,7 @@
        struct ifconf ifc;
        char *ptr;

-       s = socket(AF_INET, SOCK_RAW, htons(IPPROTO_RAW));
+       s = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
        if (s == -1) {
                DEBUG(DEBUG_CRIT,(__location__ " failed to open raw socket (%s)\n",
                         strerror(errno)));
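Review bot: the replaced socket() line changes two things at once: it drops htons() and it also swaps IPPROTO_RAW for IPPROTO_IP. The protocol argument is a host-order int, so removing htons() alone would address the byte-order problem; please either keep IPPROTO_RAW in host order or confirm on a patched kernel that SOCK_RAW with protocol 0 is accepted here. Since the context declares struct ifconf ifc, a one-line comment on why this function needs a raw socket would also help.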
--- a/common/system_linux.c     2016-01-19 16:06:53.021491231 +0100
+++ b/common/system_linux.c     2016-01-19 16:07:05.817491231 +0100
@@ -338,7 +338,7 @@
                ip4pkt.tcp.check    = tcp_checksum((uint16_t *)&ip4pkt.tcp, sizeof(ip4pkt.tcp), &ip4pkt.ip);

                /* open a raw socket to send this segment from */
-               s = socket(AF_INET, SOCK_RAW, htons(IPPROTO_RAW));
+               s = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
                if (s == -1) {
                        DEBUG(DEBUG_CRIT,(__location__ " failed to open raw socket (%s)\n",
                                 strerror(errno)));
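Review bot: on the changed socket() line, the buffer being sent (ip4pkt) carries its own ip member next to the tcp segment, and per raw(7) it is IPPROTO_RAW that implies IP_HDRINCL. With IPPROTO_IP the header-included behaviour has to be enabled explicitly with setsockopt(), which is not visible in this hunk; suggest socket(AF_INET, SOCK_RAW, IPPROTO_RAW) without htons(), or point to where IP_HDRINCL is set.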
