Bug 1075652

Summary: Failures in keyutils from new testcases in keyutils testsuite
Product: Red Hat Enterprise Linux 6 Reporter: David Howells <dhowells>
Component: keyutilsAssignee: David Howells <dhowells>
Status: CLOSED ERRATA QA Contact: Karel Srot <ksrot>
Severity: high Docs Contact:
Priority: high    
Version: 6.6CC: dhowells, jburke, jmoyer, jstancek, ksrot, pbunyan, salmy
Target Milestone: rcKeywords: TestBlocker
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: keyutils-1.4-5.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1075655 (view as bug list) Environment:
Last Closed: 2014-10-14 08:30:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1075655    
Attachments:
Description Flags
Fix max depth of "key show" output
none
Give "keyctl show" a full-width key ID field
none
Fix the input buffer size for padd & co.
none
Handle NUL chars in input data to "keyctl padd" & co. none

Description David Howells 2014-03-12 14:15:44 UTC 
Description of problem:

The keyutils testsuite has some new tests that show up some bugs in older versions of the keyutils package.

Firstly, the keyctl/show/valid test now checks that the output follows down through a set of nested keyrings more than two deep:

http://git.kernel.org/cgit/linux/kernel/git/dhowells/keyutils.git/commit/?id=67e435c3f1810bc0902698ea4ac4a85b4aef7e4f

Secondly, the keyctl/padd/useradd test now checks the size of the payload we can submit through "keyctl add ...".

The first is fixed here:

http://git.kernel.org/cgit/linux/kernel/git/dhowells/keyutils.git/commit/?id=96bae1cc9b062f669ed4ac322807e77e12d1b8fc

and the second here:

http://git.kernel.org/cgit/linux/kernel/git/dhowells/keyutils.git/commit/?id=df5cab5362695b92896a41a86556e9dad156419d

Version-Release number of selected component (if applicable):

keyutils-1.4-3

How reproducible:


Steps to Reproduce:
1. The keyctl/show/valid failure:
Do the following:

    a=@s
    a=`keyctl newring foo $a`
    a=`keyctl newring foo $a`
    a=`keyctl newring foo $a`
    a=`keyctl newring foo $a`
    a=`keyctl newring foo $a`
    keyctl show

This should display five keyrings called 'foo' nested inside each other, with the first nested inside a keyring called '_ses'.  If it shows fewer levels, it doesn't work.

2. The keyctl/padd/useradd failure:
Do the following:

    dd if=/dev/zero bs=$((1024*1024-1)) count=1 | \
        strace -eadd_key keyctl padd user a @s

And make sure that the fourth argument to add_key() is 0xfffff.  If the command fails without calling add_key() or it truncates the buffer, then it didn't work.
Comment 2 David Howells 2014-03-12 15:41:38 UTC 
http://git.kernel.org/cgit/linux/kernel/git/dhowells/keyutils.git/commit/?id=d4dea943947ffe91d3ba1fe05e84fa4c8f46fcdd

is also necessary to fix keyctl/padd/useradd.
Comment 3 David Howells 2014-03-12 16:07:26 UTC 
Part of:

http://git.kernel.org/cgit/linux/kernel/git/dhowells/keyutils.git/commit/?id=c2bba5a9f8f50b22f736ec262504229a719bcfce

is also necessary to fix keyctl/show/valid.
Comment 4 David Howells 2014-03-12 16:50:34 UTC 
Created attachment 873655 [details]
Fix max depth of "key show" output
Comment 5 David Howells 2014-03-12 16:51:30 UTC 
Created attachment 873656 [details]
Give "keyctl show" a full-width key ID field
Comment 6 David Howells 2014-03-12 16:52:07 UTC 
Created attachment 873657 [details]
Fix the input buffer size for padd & co.
Comment 7 David Howells 2014-03-12 16:52:55 UTC 
Created attachment 873658 [details]
Handle NUL chars in input data to "keyctl padd" & co.
Comment 11 Jeff Moyer 2014-07-18 18:06:33 UTC 
If we're pushing this out to 6.7, then we should also revert the test case additions so we don't have to weed through a ton of false positives.
Comment 20 errata-xmlrpc 2014-10-14 08:30:08 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1610.html