VRRP AH auth_type broken in 1.2.7

Bug #1356575 reported by Stoyan Stoyanov
24
This bug affects 4 people
Affects Status Importance Assigned to Milestone
keepalived (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

A bug in keepalived 1.2.7 causes VRRP peers to ignore each other's VRRP packets leading to a "multi-master" situation. The logs show the following:

Aug 13 11:30:53 lb04 Keepalived_vrrp[22093]: bogus VRRP packet received on eth0 !!!
Aug 13 11:30:53 lb04 Keepalived_vrrp[22093]: VRRP_Instance(PRIV) ignoring received advertisment...
Aug 13 11:30:54 lb04 Keepalived_vrrp[22093]: receive an invalid ip number count associated with VRID!
Aug 13 11:30:54 lb04 Keepalived_vrrp[22093]: bogus VRRP packet received on eth0 !!!
Aug 13 11:30:54 lb04 Keepalived_vrrp[22093]: VRRP_Instance(PRIV) ignoring received advertisment...
Aug 13 11:30:55 lb04 Keepalived_vrrp[22093]: receive an invalid ip number count associated with VRID!

From 1.2.8 changelog:

        * Ryan O'Hara fixed pointer arithmetic for VRRP packet.
          When using IPSEC AH authentication, the pointer arithmetic used
          to get the location of the VRRP packet is incorrect. The address
          of the IPSEC header must be cast as (char *) in order to get
          correct address of the VRRP packet. Without this patch,
          vrrp_in_chk() will fail to verify incoming VRRP packets when
          IPSEC AH is enabled.

Please either update the package or backport the fix. The fix involves updating a single line in vrrp.c:

--- keepalived-1.2.7/keepalived/vrrp/vrrp.c.orig 2012-08-16 16:21:28.000000000 -0700
+++ keepalived-1.2.7/keepalived/vrrp/vrrp.c 2014-08-13 13:09:48.289648524 -0700
@@ -238,7 +238,7 @@

                if (vrrp->auth_type == VRRP_AUTH_AH) {
                        ah = (ipsec_ah *) (buffer + ihl);
- hd = (vrrp_pkt *) (ah + vrrp_ipsecah_len());
+ hd = (vrrp_pkt *) ((char *) ah + vrrp_ipsecah_len());
                } else {
                        hd = (vrrp_pkt *) (buffer + ihl);
                }

Attached is a patch (keepalived_debian_ah.patch) to be applied to the debian directory, patches the series file and puts the above patch in place.

OS: Ubuntu 14.04 LTS
Package: keepalived 1:1.2.7-1ubuntu1

Tags: patch
Revision history for this message
Stoyan Stoyanov (stoyansbg) wrote :
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "keepalived_debian_ah.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in keepalived (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.