RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1075652 - Failures in keyutils from new testcases in keyutils testsuite
Summary: Failures in keyutils from new testcases in keyutils testsuite
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: keyutils
Version: 6.6
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: David Howells
QA Contact: Karel Srot
URL:
Whiteboard:
Depends On:
Blocks: 1075655
TreeView+ depends on / blocked
 
Reported: 2014-03-12 14:15 UTC by David Howells
Modified: 2014-10-14 08:30 UTC (History)
7 users (show)

Fixed In Version: keyutils-1.4-5.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1075655 (view as bug list)
Environment:
Last Closed: 2014-10-14 08:30:08 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
Fix max depth of "key show" output (829 bytes, patch)
2014-03-12 16:50 UTC, David Howells 		no flags Details | Diff
Give "keyctl show" a full-width key ID field (863 bytes, patch)
2014-03-12 16:51 UTC, David Howells 		no flags Details | Diff
Fix the input buffer size for padd & co. (743 bytes, patch)
2014-03-12 16:52 UTC, David Howells 		no flags Details | Diff
Handle NUL chars in input data to "keyctl padd" & co. (2.86 KB, patch)
2014-03-12 16:52 UTC, David Howells 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:1610 0 normal SHIPPED_LIVE keyutils bug fix update 2014-10-14 01:39:25 UTC

Description David Howells 2014-03-12 14:15:44 UTC 
Description of problem:

The keyutils testsuite has some new tests that show up some bugs in older versions of the keyutils package.

Firstly, the keyctl/show/valid test now checks that the output follows down through a set of nested keyrings more than two deep:

http://git.kernel.org/cgit/linux/kernel/git/dhowells/keyutils.git/commit/?id=67e435c3f1810bc0902698ea4ac4a85b4aef7e4f

Secondly, the keyctl/padd/useradd test now checks the size of the payload we can submit through "keyctl add ...".

The first is fixed here:

http://git.kernel.org/cgit/linux/kernel/git/dhowells/keyutils.git/commit/?id=96bae1cc9b062f669ed4ac322807e77e12d1b8fc

and the second here:

http://git.kernel.org/cgit/linux/kernel/git/dhowells/keyutils.git/commit/?id=df5cab5362695b92896a41a86556e9dad156419d

Version-Release number of selected component (if applicable):

keyutils-1.4-3

How reproducible:


Steps to Reproduce:
1. The keyctl/show/valid failure:
Do the following:

    a=@s
    a=`keyctl newring foo $a`
    a=`keyctl newring foo $a`
    a=`keyctl newring foo $a`
    a=`keyctl newring foo $a`
    a=`keyctl newring foo $a`
    keyctl show

This should display five keyrings called 'foo' nested inside each other, with the first nested inside a keyring called '_ses'.  If it shows fewer levels, it doesn't work.

2. The keyctl/padd/useradd failure:
Do the following:

    dd if=/dev/zero bs=$((1024*1024-1)) count=1 | \
        strace -eadd_key keyctl padd user a @s

And make sure that the fourth argument to add_key() is 0xfffff.  If the command fails without calling add_key() or it truncates the buffer, then it didn't work.
Comment 2 David Howells 2014-03-12 15:41:38 UTC 
http://git.kernel.org/cgit/linux/kernel/git/dhowells/keyutils.git/commit/?id=d4dea943947ffe91d3ba1fe05e84fa4c8f46fcdd

is also necessary to fix keyctl/padd/useradd.
Comment 3 David Howells 2014-03-12 16:07:26 UTC 
Part of:

http://git.kernel.org/cgit/linux/kernel/git/dhowells/keyutils.git/commit/?id=c2bba5a9f8f50b22f736ec262504229a719bcfce

is also necessary to fix keyctl/show/valid.
Comment 4 David Howells 2014-03-12 16:50:34 UTC 
Created attachment 873655 [details]
Fix max depth of "key show" output
Comment 5 David Howells 2014-03-12 16:51:30 UTC 
Created attachment 873656 [details]
Give "keyctl show" a full-width key ID field
Comment 6 David Howells 2014-03-12 16:52:07 UTC 
Created attachment 873657 [details]
Fix the input buffer size for padd & co.
Comment 7 David Howells 2014-03-12 16:52:55 UTC 
Created attachment 873658 [details]
Handle NUL chars in input data to "keyctl padd" & co.
Comment 11 Jeff Moyer 2014-07-18 18:06:33 UTC 
If we're pushing this out to 6.7, then we should also revert the test case additions so we don't have to weed through a ton of false positives.
Comment 20 errata-xmlrpc 2014-10-14 08:30:08 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1610.html
Note You need to log in before you can comment on or make changes to this bug.