This is the mail archive of the glibc-bugs@sources.redhat.com mailing list for the glibc project.
[Bug libc/924] New: possible segfault in crypt/md5.c
- From: "egmont at uhulinux dot hu" <sourceware-bugzilla at sources dot redhat dot com>
- To: glibc-bugs at sources dot redhat dot com
- Date: 2 May 2005 17:59:14 -0000
- Subject: [Bug libc/924] New: possible segfault in crypt/md5.c
- Reply-to: sourceware-bugzilla at sources dot redhat dot com
Even though there are wonderful md5 computing routines in glibc, no public
interface is available to them (AFAIK), so whenever I want to compute md5
in a C program, I copy the md5.[ch] files from glibc and use those ones.
Probably this is the intended way to use them, since there are some
"#ifdef _LIBC"s in its source, I guess if md5.[ch] were to be used solely
for glibc, these wouldn't be there.
Recently I found a circumstance where this can lead to a segfault. All you
have to do is to compile and run such a trivial piece of code somewhere
in your application:
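    #include <string.h>   /* memset */
    #include "md5.h"      /* the md5.[ch] copied from glibc */
    int main(void)
    {
        struct md5_ctx md5;
        char buf[4096];
        memset(buf, 0, 4096);
        md5_init_ctx(&md5);
        md5_process_bytes(buf, 1, &md5);
        md5_process_bytes(buf, 4096, &md5);   /* segfaults here */
    }
The second md5_process_bytes() call causes a segmentation fault.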
The cause of the problem is the following:
In this case when I manually compile an application using md5.[ch],
most likely none of STDC_HEADERS and _LIBC are defined. Hence at the
beginning of md5.c memcpy is #defined to be an alias to bcopy instead
of using the real memcpy from glibc.
However, a very important thing is that memcpy() and bcopy() differ
in their return value: memcpy returns the first argument, while bcopy
is void.
In md5.c line 258 the following is found:
    md5_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx);
which clearly assumes that memcpy returns its first argument, so it
easily leads to a segmentation fault if this memcpy is actually a bcopy.
Patch attached, please apply. Thanks!
--
Summary: possible segfault in crypt/md5.c
Product: glibc
Version: 2.3.5
Status: NEW
Severity: minor
Priority: P2
Component: libc
AssignedTo: gotom at debian dot or dot jp
ReportedBy: egmont at uhulinux dot hu
CC: glibc-bugs at sources dot redhat dot com
http://sources.redhat.com/bugzilla/show_bug.cgi?id=924
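
An added illustration of the return-value dependency described in the report (not code from glibc, the reporter, or the attached patch): a bcopy-style routine returns nothing, so the nested call is only valid through a wrapper that returns the destination, while the explicit form needs no return value at all. All names here (`demo_ctx`, `legacy_bcopy`, `demo_process_block`, `compat_memcpy`, `digest_nested`, `digest_explicit`) are hypothetical, and the block function is a toy checksum standing in for MD5.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for struct md5_ctx: only the staging buffer matters. */
struct demo_ctx { uint32_t sum; unsigned char buffer[64]; };

/* Stand-in for bcopy(): source first, destination second, returns nothing. */
static void legacy_bcopy(const void *src, void *dst, size_t n)
{
    memmove(dst, src, n);
}

/* Stand-in for md5_process_block(): a toy checksum, not MD5. */
static void demo_process_block(const void *block, size_t len, struct demo_ctx *ctx)
{
    const unsigned char *p = block;
    for (size_t i = 0; i < len; i++)
        ctx->sum = ctx->sum * 31u + p[i];
}

/* Wrapper that copies via the bcopy-style routine but keeps memcpy()'s
   contract of returning the destination, so nested calls stay valid. */
static void *compat_memcpy(void *dst, const void *src, size_t n)
{
    legacy_bcopy(src, dst, n);
    return dst;
}

/* Nested form, as in the quoted md5.c line: relies on the returned pointer. */
static uint32_t digest_nested(const unsigned char *in, size_t len)
{
    struct demo_ctx ctx = { 0 };
    for (; len >= 64; in += 64, len -= 64)
        demo_process_block(compat_memcpy(ctx.buffer, in, 64), 64, &ctx);
    return ctx.sum;
}

/* Explicit form: copy, then pass ctx.buffer; independent of any return value. */
static uint32_t digest_explicit(const unsigned char *in, size_t len)
{
    struct demo_ctx ctx = { 0 };
    for (; len >= 64; in += 64, len -= 64) {
        legacy_bcopy(in, ctx.buffer, 64);
        demo_process_block(ctx.buffer, 64, &ctx);
    }
    return ctx.sum;
}
```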