[Bug 1918313] [NEW] code in rpc.svcgssd treats date as signed 32-bit

Charles Hedrick 1918313 at bugs.launchpad.net
Tue Mar 9 17:53:51 UTC 2021 

Public bug reported:

Upstream patch eb3a145789b9eedd39b56e1d76f412435abaa747 adds code to
rpc.svcgssd to set an expiration date for nfs contexts. (It doesn't
work, but that's the subject of a different bug.) That code treats the
date is int32. It is sent into the kernel using code that ends up as a
printf %d. In 2038 the date will go negative. Because the kernel uses
64-bit dates I believe that will produce the wrong result.

The code should use data_t, not int32_t.

This is complicated by the fact that it gets the date from a Kerberos
ticket. Kerberos declares date as int32. For historical reaosns, they
have decided to retain it as int32, but whenever there's a comparison or
arithemtic that would break, they cast it (date_t)(u_int32_t). I believe
the code in svcgssdd should do the same. All variables should be date_t.
Anything retrieved from a Kerberos ticket should be cast
(date_t)(u_int32_t).

THis is actually a problem upstream. But it's not clear that upstream
has any reason to fix it. Redhat is no longer using rpc.svcgssd. They're
using gssproxy to handle the upcall from the kernel. So it's not clear
that there's any significant use of svcgssd other than Ubuntu.

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: nfs-common 1:1.3.4-2.5ubuntu3.3 [modified: usr/sbin/rpc.svcgssd]
ProcVersionSignature: Ubuntu 5.4.0-65.73-generic 5.4.78
Uname: Linux 5.4.0-65-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu27.16
Architecture: amd64
CasperMD5CheckResult: skip
Date: Tue Mar  9 12:46:12 2021
InstallationDate: Installed on 2020-03-25 (348 days ago)
InstallationMedia: Ubuntu 18.04.3 LTS "Bionic Beaver" - Release amd64 (20190805)
ProcEnviron:
 TERM=vt100
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/tcsh
SourcePackage: nfs-utils
UpgradeStatus: Upgraded to focal on 2020-12-21 (78 days ago)
modified.conffile..etc.default.apport: [modified]
mtime.conffile..etc.default.apport: 2020-08-10T17:26:17.512725
mtime.conffile..etc.default.nfs-common: 2020-04-16T16:03:31.356462

** Affects: nfs-utils (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug focal

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nfs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1918313

Title:
  code in rpc.svcgssd treats date as signed 32-bit

Status in nfs-utils package in Ubuntu:
  New

Bug description:
  Upstream patch eb3a145789b9eedd39b56e1d76f412435abaa747 adds code to
  rpc.svcgssd to set an expiration date for nfs contexts. (It doesn't
  work, but that's the subject of a different bug.) That code treats the
  date is int32. It is sent into the kernel using code that ends up as a
  printf %d. In 2038 the date will go negative. Because the kernel uses
  64-bit dates I believe that will produce the wrong result.

  The code should use data_t, not int32_t.

  This is complicated by the fact that it gets the date from a Kerberos
  ticket. Kerberos declares date as int32. For historical reaosns, they
  have decided to retain it as int32, but whenever there's a comparison
  or arithemtic that would break, they cast it (date_t)(u_int32_t). I
  believe the code in svcgssdd should do the same. All variables should
  be date_t. Anything retrieved from a Kerberos ticket should be cast
  (date_t)(u_int32_t).

  THis is actually a problem upstream. But it's not clear that upstream
  has any reason to fix it. Redhat is no longer using rpc.svcgssd.
  They're using gssproxy to handle the upcall from the kernel. So it's
  not clear that there's any significant use of svcgssd other than
  Ubuntu.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: nfs-common 1:1.3.4-2.5ubuntu3.3 [modified: usr/sbin/rpc.svcgssd]
  ProcVersionSignature: Ubuntu 5.4.0-65.73-generic 5.4.78
  Uname: Linux 5.4.0-65-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.11-0ubuntu27.16
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Tue Mar  9 12:46:12 2021
  InstallationDate: Installed on 2020-03-25 (348 days ago)
  InstallationMedia: Ubuntu 18.04.3 LTS "Bionic Beaver" - Release amd64 (20190805)
  ProcEnviron:
   TERM=vt100
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/tcsh
  SourcePackage: nfs-utils
  UpgradeStatus: Upgraded to focal on 2020-12-21 (78 days ago)
  modified.conffile..etc.default.apport: [modified]
  mtime.conffile..etc.default.apport: 2020-08-10T17:26:17.512725
  mtime.conffile..etc.default.nfs-common: 2020-04-16T16:03:31.356462

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1918313/+subscriptions

More information about the foundations-bugs mailing list