RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1392656 - [LLNL 7.4 Bug] fix buffer overflows in util-linux with upstream patch
Summary: [LLNL 7.4 Bug] fix buffer overflows in util-linux with upstream patch
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: util-linux
Version: 7.3
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: 7.4
Assignee: Karel Zak
QA Contact: Radka Brychtova
URL:
Whiteboard:
Depends On:
Blocks: 1380361 1381646 1393867 1446211
TreeView+ depends on / blocked
 
Reported: 2016-11-08 01:27 UTC by Ben Woodard
Modified: 2017-08-01 21:41 UTC (History)
5 users (show)

Fixed In Version: util-linux-2.23.2-36.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 21:41:11 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
upstream patch to address buffer overflow. (3.13 KB, application/mbox)
2016-11-08 01:27 UTC, Ben Woodard 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1392661 0 medium CLOSED [LLNL 7.4 Bug] add zfs patches to util-linux 2021-02-22 00:41:40 UTC
Red Hat Product Errata RHBA-2017:2186 0 normal SHIPPED_LIVE util-linux bug fix and enhancement update 2017-08-01 18:41:36 UTC

Internal Links: 1392661

Description Ben Woodard 2016-11-08 01:27:25 UTC 
Created attachment 1218332 [details]
upstream patch to address buffer overflow.

LLNL was working on util-linux to fix other issues and found that this upstream patch helped deal with a problem that they were having. 

This patch addresses a buffer overflow that could happen and looks right and so it is probably a good idea to pick it up.
Comment 3 Travis Gummels 2017-03-17 15:42:57 UTC 
(In reply to Ben Woodard from comment #0)
,,,
> LLNL was working on util-linux to fix other issues and found that this
> upstream patch helped deal with a problem that they were having. 

Ben if you could attach a reproducer or describe how to reproduce the defect so QA can validate the code fix it would be appreciated.  Alternatively if LLNL could validate the fix with a Red Hat built package that would work too.

Thank you,

Travis
Comment 4 Ben Woodard 2017-03-17 15:52:17 UTC 
This is an obvious problem which was found through code inspection while searching for another problem. The problem and patch are self evident.
Comment 5 Travis Gummels 2017-03-17 16:17:57 UTC 
(In reply to Ben Woodard from comment #4)
> This is an obvious problem which was found through code inspection while
> searching for another problem. The problem and patch are self evident.

I'm confused, you stated in the description:

"... this upstream patch helped deal with a problem that they were having."

That seems to imply that LLNL was experiencing a problem that this patch resolved.  If that is the case it also means LLNL has knowledge on how to reproduce the problem.  Such knowledge could help QA validate that the fix they implemented resolves the problem for the Red Hat built package which could be different than the package LLNL is running.  Not really asking for much here, just a way to reproduce the problem or assistance from LLNL to validate the fix if it isn't something that could be validated here for lack of an HPC environment.
Comment 7 Radka Brychtova 2017-04-20 14:46:47 UTC 
Hi,
I am not sure if I can properly test this. 
Do you know about some reproducer or real scenario? Or is the customer able to test this?
If not I will probably do only some sanity testing.
Comment 8 Jim Foraker 2017-04-20 23:42:08 UTC 
We have been using a local rebuild of util-linux-2.23.2-33.el7 with this patch applied on our production clusters since mid-October.  Without the patch, we had issues getting our storage nodes to recognize all of their disks on boot.  With the modified util-linux, nodes boot reliably.
Comment 10 errata-xmlrpc 2017-08-01 21:41:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2186
Note You need to log in before you can comment on or make changes to this bug.