Red Hat Bugzilla – Full Text Bug Listing
|Summary:||sha1sum -c FAILED|
|Product:||[Fedora] Fedora||Reporter:||Flóki Pálsson <flokip>|
|Component:||coreutils||Assignee:||Ondrej Vasik <ovasik>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Version:||8||CC:||meyering, robatino, twaugh|
|Fixed In Version:||coreutils-6.10-22.fc9||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2008-05-19 04:30:12 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Flóki Pálsson 2008-03-28 17:48:46 EDT
Description of problem: Strangce result from sha1sum -b Fedora-9-Beta-x86_64-DVD.iso Version-Release number of selected component (if applicable): How reproducible: allways Steps to Reproduce: 1. In terminal sha1sum -b Fedora-9-Beta-x86_64-DVD.iso 2. 3. Actual results: rubis Expected results: sha1sum Additional info: See rresulets from sha1sum in attchment In instalation Fedora-9-Beta-x86_64-DVD.iso pass disk checck
Comment 1 Flóki Pálsson 2008-03-28 17:48:46 EDT
Created attachment 299528 [details] results from on FC9 iso files
Comment 2 Andre Robatino 2008-03-28 18:08:09 EDT
This is not a bug - when using the -c option, you're supposed to use the name of a file containing sha1sums (for example, "sha1sum -c SHA1SUM"), not the name of the ISO file.
Comment 3 Kevin Fenzi 2008-03-28 18:20:20 EDT
In addition, this is likely not a bug against the Xfce Terminal program. ;) Flóki: Does comment #2 answer your issue? I will go ahead and close this NOTABUG. Feel free to reopen or file a new bug if you spot something further here.
Comment 4 Andre Robatino 2008-03-28 18:28:59 EDT
I tried this myself and noticed that it spent lot of time running, when one would expect that it would realize that the ISO file did not contain the expected information and quickly exit with an error message. If this is considered a bug, it should be filed under the component "coreutils" (since /usr/bin/sha1sum belongs to the coreutils package) and Hardware should be "All", not "x86_64" (it behaves the same for me with 32-bit and is unlikely to depend on hardware platform).
Comment 5 Flóki Pálsson 2008-03-28 18:39:34 EDT
1. I would expect Fedora-9-Beta-x86_64-DVD.iso to contain sha1sums. acording http://fedoraproject.org/wiki/Distribution/Download 2. I expect sha1sum to responce that " ...no properly formatted SHA1 checksum lines found" Not some biary rubis. 3. I agree on that this is not bug in "Xfce Terminal". I had too gess on something.
Comment 6 Kevin Fenzi 2008-03-28 18:53:58 EDT
1. The iso file _has_ a sha1sum, which you check against a list contained in the SHA1SUM file. From the link you mention: http://fedoraproject.org/wiki/Distribution/Download#head-44566c4c74aca5f78c96ff68e2ac3ba9f119f0f2 2. Indeed. This may be a bug in the sha1sum program. Would you like me to re-open this and see if we can get that fixed? 3. No problem, I am happy to help route your bug the right place... as mentioned in Comment #4 from Andre, the component here should be 'coreutils'.
Comment 7 Flóki Pálsson 2008-03-28 19:14:47 EDT
'I am happy to help route your bug the right place.' Thank you. I thing my mom would like that.
Comment 8 Ondrej Vasik 2008-04-16 09:19:41 EDT
Thanks for report, one potential segfault in md5sum/sha1sum (which could lead to the result you have reported) was recently found and fixed by coreutils upstream. I included that fix in latest rawhide build coreutils-6.10-20.fc9, changing status to MODIFIED because I can't check it from home (no failing ISO file available and no will to download it :) ). Please confirm the fix if possible, otherwise I will try to check it later this week and close the bugzilla RAWHIDE.
Comment 9 Flóki Pálsson 2008-04-16 14:35:20 EDT
Yes it works in FC9 [floki@localhost ~]$ rpm -q coreutils coreutils-6.10-18.fc9.x86_64 [floki@localhost verkf]$ sha1sum -b Fedora-9-Beta-x86_64-DVD.iso ef4f37cb164d0b4e29ebda0f9c296919c9ba7fa9 *Fedora-9-Beta-x86_64-DVD.iso [floki@localhost verkf]$ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ef4f37cb164d0b4e29ebda0f9c296919c9ba7fa9 Fedora-9-Beta-x86_64-DVD.iso
Comment 10 Andre Robatino 2008-04-16 14:39:40 EDT
The bug you reported is for the -c option (as indicated by your attachment in comment #1). What does sha1sum -c Fedora-9-Beta-x86_64-DVD.iso do?
Comment 11 Flóki Pálsson 2008-04-16 14:53:30 EDT
Same error. I will check again when coreutils-6.10-20.fc9 is instaled.
Comment 12 Flóki Pálsson 2008-04-16 22:12:12 EDT
coreutils-6.10-20.fc9 was not in latest FC9 Fedora Rawhide. That is the only repository I can use. Network problems with others. "Cannot retrieve repository metadata (repomd.xml) for repository: updates-testing. Please verify its path and try again."
Comment 13 Ondrej Vasik 2008-04-17 04:18:51 EDT
Unfortunately there is devel freeze now in fc9/rawhide, sorry for not mentioning that. You can download the rpm on http://koji.fedoraproject.org/koji/buildinfo?buildID=46291 .
Comment 14 Flóki Pálsson 2008-04-17 19:16:10 EDT
Same result. Error. Rubbish output. Using [floki@localhost ~]$ rpm -q coreutils coreutils-6.10-20.fc9.x86_64 [floki@localhost ~]$
Comment 15 Ondrej Vasik 2008-04-18 10:27:57 EDT
Ok. I'm able to reproduce it now (even with some other DVD ISO's). Solution could be by limiting file_name size in split_3 function of md5sum.c (and adding \0 terminator to the end of string to prevent overflow). Although it is problem of bad usage of sha1sum command, it is a problem upstream too, therefore adding upstream maintainer of coreutils to cc (as he may have different idea how to solve it).
Comment 16 Andre Robatino 2008-04-18 11:15:22 EDT
Could you explain in simple terms why it sometimes behaves this way and what it's busy doing internally? Is it similar to a buffer overrun (with the associated security issues)?
Comment 17 Ondrej Vasik 2008-04-18 11:54:49 EDT
In simple terms... When you use -c option in sha1sum, it expects sha1sums and file names in the file. There is no such line in iso. But unfortunately, usually there are no such lines in iso file. Each line is split and usually no valid formatting is found in iso. But rarely it passes through(when hex_digits() returns true) and tries to open file (with invalid name). This fails and file name string is displayed. Because there is no \0 terminator in that string, it overflows and makes rubbish in terminal.
Comment 18 Ondrej Vasik 2008-04-18 11:57:27 EDT
Created attachment 302898 [details] Patch for sha1sum -c correction This one patch seems to be fixing problem... But I have to check if it is not breaking something.
Comment 19 Ondrej Vasik 2008-04-18 12:10:17 EDT
(In reply to comment #17) Forget this comment, Friday afternoon and illness :( ... Comment #18 should be better ;)
Comment 20 Ondrej Vasik 2008-04-18 13:44:05 EDT
Built as coreutils-6.10-21.fc9, with the patch attached in comment #18 (as there is devel freeze , rpms located in http://koji.fedoraproject.org/koji/buildinfo?buildID=46586 , it worked for me), changing status to MODIFIED.
Comment 21 Jim Meyering 2008-04-19 02:04:35 EDT
Thank you for the report! The fact that md5sum -c can print surprising output in a case like this is more a case of GIGO (garbage in garbage out) than a bug. However, there is a bug when the checksum digit string contains one or more NUL bytes. I've just fixed that upstream: http://lists.gnu.org/archive/html/bug-coreutils/2008-04/msg00182.html BTW, the patch in #18 works only when the first byte is NUL.
Comment 22 Ondrej Vasik 2008-04-19 03:16:03 EDT
Jim: Thanks for the quick fix. Patch from comment #18 worked for the bad ISO file input, because the while loop was skipped for the case that first byte of a line was NUL and true was returned from hex_digits(). Otherwise it returned false because the garbage from ISO line is usually not hex string. Will use your patch in next rawhide build (as the patch from #18 is more workaround for that bugzilla and is not covering all hex_digits buggy cases). Thanks once more time.
Comment 23 Fedora Update System 2008-05-13 17:04:16 EDT
coreutils-6.10-22.fc9 has been submitted as an update for Fedora 9
Comment 24 Fedora Update System 2008-05-14 18:15:43 EDT
coreutils-6.10-22.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
Comment 25 Andre Robatino 2008-05-16 16:56:06 EDT
On F9 with the latest coreutils package, it reads through the entire ISO file but doesn't print gibberish anymore: [root@localhost ~]# sha1sum -c Fedora-9-i386-DVD.iso sha1sum: Fedora-9-i386-DVD.iso: no properly formatted SHA1 checksum lines found [root@localhost ~]#