Bug 439531

Summary: sha1sum -c FAILED
Product: [Fedora] Fedora
Reporter: Flóki Pálsson <flokip>
Component: coreutils
Assignee: Ondrej Vasik <ovasik>
Status: CLOSED CURRENTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Docs Contact:
Priority: low
Version: 8
CC: meyering, robatino, twaugh
Target Milestone: ---
Keywords: Reopened
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: coreutils-6.10-22.fc9
Doc Type: Bug Fix
Last Closed: 2008-05-19 08:30:12 UTC
Attachments:
results from on FC9 iso files (flags: none)
Patch for sha1sum -c correction (flags: none)

Description Flóki Pálsson 2008-03-28 21:48:46 UTC
Description of problem:
Strange result from
sha1sum -b Fedora-9-Beta-x86_64-DVD.iso


Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1.
In terminal
sha1sum -b Fedora-9-Beta-x86_64-DVD.iso
2.
3.
  
Actual results:
rubbish

Expected results:
sha1sum

Additional info:
See results from sha1sum in attachment.
In installation, Fedora-9-Beta-x86_64-DVD.iso passes the disk check.

Comment 1 Flóki Pálsson 2008-03-28 21:48:46 UTC
Created attachment 299528 [details]
results from on FC9 iso files

Comment 2 Andre Robatino 2008-03-28 22:08:09 UTC
  This is not a bug - when using the -c option, you're supposed to use the name
of a file containing sha1sums (for example, "sha1sum -c SHA1SUM"), not the name
of the ISO file.

Comment 3 Kevin Fenzi 2008-03-28 22:20:20 UTC
In addition, this is likely not a bug against the Xfce Terminal program. ;) 

Flóki: Does comment #2 answer your issue? 

I will go ahead and close this NOTABUG. 

Feel free to reopen or file a new bug if you spot something further here. 


Comment 4 Andre Robatino 2008-03-28 22:28:59 UTC
I tried this myself and noticed that it spent a lot of time running, when one
would expect that it would realize that the ISO file did not contain the
expected information and quickly exit with an error message.  If this is
considered a bug, it should be filed under the component "coreutils" (since
/usr/bin/sha1sum belongs to the coreutils package) and Hardware should be "All",
not "x86_64" (it behaves the same for me with 32-bit and is unlikely to depend
on hardware platform).

Comment 5 Flóki Pálsson 2008-03-28 22:39:34 UTC
1.
I would expect Fedora-9-Beta-x86_64-DVD.iso to contain sha1sums,
according to http://fedoraproject.org/wiki/Distribution/Download
2.
I expect sha1sum to respond that
" ...no properly formatted SHA1 checksum lines found"
Not some binary rubbish.
3.
I agree that this is not a bug in "Xfce Terminal".
I had to guess on something.


Comment 6 Kevin Fenzi 2008-03-28 22:53:58 UTC
1. The iso file _has_ a sha1sum, which you check against a list contained in the
SHA1SUM file. From the link you mention: 
http://fedoraproject.org/wiki/Distribution/Download#head-44566c4c74aca5f78c96ff68e2ac3ba9f119f0f2

2. Indeed. This may be a bug in the sha1sum program. Would you like me to
re-open this and see if we can get that fixed?

3. No problem, I am happy to help route your bug to the right place...
As mentioned in Comment #4 from Andre, the component here should be 'coreutils'.

Comment 7 Flóki Pálsson 2008-03-28 23:14:47 UTC
'I am happy to help route your bug to the right place.'
Thank you.
I think my mom would like that.

Comment 8 Ondrej Vasik 2008-04-16 13:19:41 UTC
Thanks for the report. One potential segfault in md5sum/sha1sum (which could lead to
the result you have reported) was recently found and fixed by coreutils
upstream. I included that fix in the latest rawhide build, coreutils-6.10-20.fc9,
changing status to MODIFIED because I can't check it from home (no failing ISO
file available and no will to download it :) ). Please confirm the fix if
possible, otherwise I will try to check it later this week and close the
bugzilla RAWHIDE.

Comment 9 Flóki Pálsson 2008-04-16 18:35:20 UTC
Yes it works in FC9

[floki@localhost ~]$ rpm -q coreutils
coreutils-6.10-18.fc9.x86_64

[floki@localhost verkf]$ sha1sum -b Fedora-9-Beta-x86_64-DVD.iso


ef4f37cb164d0b4e29ebda0f9c296919c9ba7fa9 *Fedora-9-Beta-x86_64-DVD.iso
[floki@localhost verkf]$ 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ef4f37cb164d0b4e29ebda0f9c296919c9ba7fa9  Fedora-9-Beta-x86_64-DVD.iso

Comment 10 Andre Robatino 2008-04-16 18:39:40 UTC
  The bug you reported is for the -c option (as indicated by your attachment in
comment #1).  What does

sha1sum -c Fedora-9-Beta-x86_64-DVD.iso

do?

Comment 11 Flóki Pálsson 2008-04-16 18:53:30 UTC
Same error.
I will check again when coreutils-6.10-20.fc9 is installed.

Comment 12 Flóki Pálsson 2008-04-17 02:12:12 UTC
coreutils-6.10-20.fc9 was not in the latest FC9 Fedora Rawhide.
That is the only repository I can use. Network problems with others.

"Cannot retrieve repository metadata (repomd.xml) for repository:
updates-testing. Please verify its path and try again."

Comment 13 Ondrej Vasik 2008-04-17 08:18:51 UTC
Unfortunately there is a devel freeze now in fc9/rawhide, sorry for not mentioning
that. You can download the rpm from
http://koji.fedoraproject.org/koji/buildinfo?buildID=46291 .

Comment 14 Flóki Pálsson 2008-04-17 23:16:10 UTC
Same result. Error. Rubbish output. 

Using 
[floki@localhost ~]$ rpm -q coreutils
coreutils-6.10-20.fc9.x86_64
[floki@localhost ~]$ 


Comment 15 Ondrej Vasik 2008-04-18 14:27:57 UTC
OK. I'm able to reproduce it now (even with some other DVD ISOs). A solution
could be limiting the file_name size in the split_3 function of md5sum.c (and adding
a \0 terminator to the end of the string to prevent overflow). Although it is a problem
of bad usage of the sha1sum command, it is a problem upstream too, therefore I am adding
the upstream maintainer of coreutils to CC (as he may have a different idea of how to
solve it).

Comment 16 Andre Robatino 2008-04-18 15:15:22 UTC
Could you explain in simple terms why it sometimes behaves this way and what
it's busy doing internally?  Is it similar to a buffer overrun (with the
associated security issues)?

Comment 17 Ondrej Vasik 2008-04-18 15:54:49 UTC
In simple terms...
When you use the -c option in sha1sum, it expects sha1sums and file names in the
file. There is no such line in the ISO. But unfortunately, usually there are no
such lines in an ISO file.
Each line is split and usually no valid formatting is found in the ISO. But rarely
it passes through (when hex_digits() returns true) and tries to open a file (with
an invalid name). This fails and the file name string is displayed. Because there is no
\0 terminator in that string, it overflows and makes rubbish in the terminal.

Comment 18 Ondrej Vasik 2008-04-18 15:57:27 UTC
Created attachment 302898 [details]
Patch for sha1sum -c correction

This one patch seems to fix the problem... But I have to check that it is not
breaking something.

Comment 19 Ondrej Vasik 2008-04-18 16:10:17 UTC
(In reply to comment #17)
Forget this comment, Friday afternoon and illness :( ... Comment #18 should be
better ;) 



Comment 20 Ondrej Vasik 2008-04-18 17:44:05 UTC
Built as coreutils-6.10-21.fc9, with the patch attached in comment #18 (as there
is a devel freeze, the rpms are located at
http://koji.fedoraproject.org/koji/buildinfo?buildID=46586 ; it worked for me),
changing status to MODIFIED.

Comment 21 Jim Meyering 2008-04-19 06:04:35 UTC
Thank you for the report!

The fact that md5sum -c can print surprising output in a case like
this is more a case of GIGO (garbage in garbage out) than a bug.
However, there is a bug when the checksum digit string contains
one or more NUL bytes.

I've just fixed that upstream:
  http://lists.gnu.org/archive/html/bug-coreutils/2008-04/msg00182.html

BTW, the patch in #18 works only when the first byte is NUL.


Comment 22 Ondrej Vasik 2008-04-19 07:16:03 UTC
Jim: Thanks for the quick fix. The patch from comment #18 worked for the bad ISO
file input, because the while loop was skipped in the case that the first byte of a
line was NUL, and true was returned from hex_digits(). Otherwise it returned
false because the garbage from an ISO line is usually not a hex string.

I will use your patch in the next rawhide build (as the patch from #18 is more of a
workaround for that bugzilla and does not cover all buggy hex_digits cases).
Thanks once more.
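
The validation gap described in comments 17 to 22, as an added example that is not part of the bug thread and is not the coreutils source: a digest check that stops at the first NUL accepts binary input, while one that requires exactly the expected number of hex digits does not. Only the name hex_digits comes from the thread; `accept_line`, `binary_line_accepted`, the fixed-offset split and the 64-byte sample line are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define DIGEST_HEX_BYTES 40 /* SHA-1 digest length in hex characters */
typedef bool (*check_fn)(const unsigned char *);

/* Loose form: stops at the first NUL, so "" and "aaaa" also pass. */
static bool hex_digits_loose(const unsigned char *s)
{
    for (; *s; ++s)
        if (!isxdigit(*s)) return false;
    return true;
}

/* Strict form: exactly DIGEST_HEX_BYTES hex digits, then the terminator.
   An embedded NUL fails isxdigit(), so the line is rejected. */
static bool hex_digits_strict(const unsigned char *s)
{
    for (size_t i = 0; i < DIGEST_HEX_BYTES; i++)
        if (!isxdigit(s[i])) return false;
    return s[DIGEST_HEX_BYTES] == '\0';
}

/* Hypothetical splitter: NUL-terminate the digest field, then check it. */
static bool accept_line(unsigned char *line, size_t len, check_fn check)
{
    if (len < DIGEST_HEX_BYTES + 2) return false;
    line[DIGEST_HEX_BYTES] = '\0';
    return check(line);
}

/* Constructed input: 64 bytes of 'a' (a hex digit) with a NUL at nul_at. */
static bool binary_line_accepted(size_t nul_at, check_fn check)
{
    unsigned char line[64];
    memset(line, 'a', sizeof line);
    line[nul_at] = '\0';
    return accept_line(line, sizeof line, check);
}

int main(void)
{
    for (size_t at = 0; at <= DIGEST_HEX_BYTES; at += 4)
        printf("NUL at %2zu: loose=%d strict=%d\n", at,
               binary_line_accepted(at, hex_digits_loose),
               binary_line_accepted(at, hex_digits_strict));
    return 0;
}
```

Only the last row (NUL at offset 40, i.e. a full-length digest field) is accepted by the strict check; the loose check accepts every row, including the NUL-first case that the comment #18 patch covered and the mid-string cases it did not.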

Comment 23 Fedora Update System 2008-05-13 21:04:16 UTC
coreutils-6.10-22.fc9 has been submitted as an update for Fedora 9

Comment 24 Fedora Update System 2008-05-14 22:15:43 UTC
coreutils-6.10-22.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 25 Andre Robatino 2008-05-16 20:56:06 UTC
On F9 with the latest coreutils package, it reads through the entire ISO file
but doesn't print gibberish anymore:

[root@localhost ~]# sha1sum -c Fedora-9-i386-DVD.iso
sha1sum: Fedora-9-i386-DVD.iso: no properly formatted SHA1 checksum lines found
[root@localhost ~]#