522126 – app-backup/tsm: dsmc can crash with certain nodenames if using glibc-2.16 or higher

Bug 522126 - app-backup/tsm: dsmc can crash with certain nodenames if using glibc-2.16 or higher

Summary: app-backup/tsm: dsmc can crash with certain nodenames if using glibc-2.16 or ...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Andreas K. Hüttel

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-09-04 09:25 UTC by Horst Prote
Modified:	2018-11-05 16:32 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Horst Prote 2014-09-04 09:25:06 UTC

When PASSWORDACCESS is set to GENERATE, TSM Linux client
could crash when trying to read or write the password file.

This will happen when installed glibc is version 2.16 or higher,
and only with certain node names. It is not possible to
identify the node name pattern triggering the issue. The
crash can occur on short and long names, with and without
non-alpha characters. However, when the failing combination
of characters is used as the node name, the problem is
consistently recreatable.

Reproducible: Always

Steps to Reproduce:
1. Install app-backup/tsm-6.4.0.0-r1 on a system with glibc-2.16 or higher
2. Set "PASSWORDACCESS GENERATE" in dsm.sys
3. Have bad luck that your nodenmae triggers the error and call "dsmc".
Actual Results:  
IBM Tivoli Storage Manager
Command Line Backup-Archive Client Interface
  Client Version 6, Release 4, Level 0.0  
  Client date/time: 03.09.2014 18:56:02
(c) Copyright by IBM Corporation and other(s) 1990, 2012. All Rights Reserved.

Node Name: S-050410_ALGE
Aborted


Expected Results:  
IBM Tivoli Storage Manager
Command Line Backup-Archive Client Interface
  Client Version 6, Release 4, Level 0.0  
  Client date/time: 03.09.2014 19:20:52
(c) Copyright by IBM Corporation and other(s) 1990, 2012. All Rights Reserved.

Node Name: S-050410_ALGE
Session established with server TSMSRVA: Linux/x86_64
  Server Version 6, Release 3, Level 4.200
  Server date/time: 03.09.2014 19:20:52  Last access: 03.09.2014 19:05:14

tsm> quit


This bug is also known at redhat:
https://bugzilla.redhat.com/show_bug.cgi?id=1030142
and upstream at ibm:
http://www-01.ibm.com/support/docview.wss?uid=swg1IC92662

Comment 1 Horst Prote 2014-09-04 09:29:06 UTC

I just tried the following:

# cd /usr/portage/app-backup/tsm/
# cp tsm-6.4.0.0-r1.ebuild tsm-6.4.2.0.ebuild
# ebuild tsm-6.4.2.0.ebuild manifest
# emerge -u tsm

This worked for me:
# dsmc
IBM Tivoli Storage Manager
Command Line Backup-Archive Client Interface
  Client Version 6, Release 4, Level 2.0  
  Client date/time: 04.09.2014 11:13:04
(c) Copyright by IBM Corporation and other(s) 1990, 2014. All Rights Reserved.

Node Name: S-050410_ALGE
Session established with server TSMSRVA: Linux/x86_64
  Server Version 6, Release 3, Level 4.200
  Server date/time: 04.09.2014 11:13:04  Last access: 03.09.2014 19:20:52

tsm> quit

Comment 2 Pacho Ramos gentoo-dev

2014-09-04 11:13:57 UTC

Update to newer version fixed it then, right?

Comment 3 Pacho Ramos gentoo-dev

2014-09-04 11:14:35 UTC

Also, per https://bugzilla.redhat.com/show_bug.cgi?id=1030142#c3 we would need to do the same for 6.3.x branch

Comment 4 Horst Prote 2014-09-04 11:48:00 UTC

(In reply to Pacho Ramos from comment #2)
> Update to newer version fixed it then, right?

Yes.

On http://www-01.ibm.com/support/docview.wss?uid=swg1IC92662 there are fixes for
Version 6.3, 6.4 and 7.1.

Comment 5 Martin von Gagern 2014-09-04 16:44:07 UTC

Current release versions are 6.2.5.0, 6.3.2.0, 6.4.2.0 and 7.1.0.0, and we have patch versions 6.2.5.3, 6.3.2.1 and 7.1.0.3 available as well. So far we never entered a patch a.k.a. interim fix version in portage, but the ebuild should be prepared to cater for these as well, so that a simple rename will work for them, too. Not sure what these patches contain. There is a document for each of them, with links to other documents with other links…
http://www-01.ibm.com/support/docview.wss?uid=swg21648007 indicates for example that 7.1.0.3 should fix two security issues. Should we simply rename all ebuilds to the latest patch versions? I guess I can do so locally, see whether the ebuilds install as expected. I won't be able to run any functionality tests with older versions, since my data center doesn't support them any more.

Comment 6 Martin von Gagern 2014-09-04 17:09:36 UTC

One problem might be that distfiles for intermediate fixes might disappear when they are superseded. So if we use them, I guess I should try set up some cron job or similar to check for new versions. Pacho, would it be OK if you bump ebuilds for minor releases without my testing them? Otherwise I'm not sure I can keep up with fixes in a timely manner, and the delay due to proxy-maintainance might add to the problems. In that case we should stick to full releases, imo.

Comment 7 Pacho Ramos gentoo-dev

2014-09-05 09:06:28 UTC

Taking care the kind of included fixes are also security problems, we need to switch to bugfix releases even without doing full functionality test. Do they have some mailing list or similar to notify us about future bumps?

Comment 8 Michael Weber (RETIRED) gentoo-dev

2015-10-06 23:00:10 UTC

This affects 6.2.2 and 6.2.5.4 as well. These are the last/latest 32bit versions.

Comment 9 Ian Delaney (RETIRED) gentoo-dev

2015-10-08 11:24:55 UTC

Martin von Gagern
if there are version bumps make requests and I'll bump them

Comment 10 Horst Prote 2018-11-05 16:32:44 UTC

Closing this old bug as the 7.1 versions I use now have the fix included.