Bug 439531

Summary: sha1sum -c FAILED
Product: [Fedora] Fedora Reporter: Flóki Pálsson <flokip>
Component: coreutilsAssignee: Ondrej Vasik <ovasik>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: 8CC: meyering, robatino, twaugh
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: coreutils-6.10-22.fc9 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-05-19 04:30:12 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Description Flags
results from on FC9 iso files
Patch for sha1sum -c correction none

Description Flóki Pálsson 2008-03-28 17:48:46 EDT
Description of problem:
Strangce result from 
sha1sum -b Fedora-9-Beta-x86_64-DVD.iso

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
In terminal
sha1sum -b Fedora-9-Beta-x86_64-DVD.iso
Actual results:

Expected results:

Additional info:
See rresulets from sha1sum in attchment
In instalation Fedora-9-Beta-x86_64-DVD.iso pass disk checck
Comment 1 Flóki Pálsson 2008-03-28 17:48:46 EDT
Created attachment 299528 [details]
results from on FC9 iso files
Comment 2 Andre Robatino 2008-03-28 18:08:09 EDT
  This is not a bug - when using the -c option, you're supposed to use the name
of a file containing sha1sums (for example, "sha1sum -c SHA1SUM"), not the name
of the ISO file.
Comment 3 Kevin Fenzi 2008-03-28 18:20:20 EDT
In addition, this is likely not a bug against the Xfce Terminal program. ;) 

Flóki: Does comment #2 answer your issue? 

I will go ahead and close this NOTABUG. 

Feel free to reopen or file a new bug if you spot something further here. 
Comment 4 Andre Robatino 2008-03-28 18:28:59 EDT
I tried this myself and noticed that it spent lot of time running, when one
would expect that it would realize that the ISO file did not contain the
expected information and quickly exit with an error message.  If this is
considered a bug, it should be filed under the component "coreutils" (since
/usr/bin/sha1sum belongs to the coreutils package) and Hardware should be "All",
not "x86_64" (it behaves the same for me with 32-bit and is unlikely to depend
on hardware platform).
Comment 5 Flóki Pálsson 2008-03-28 18:39:34 EDT
I would expect Fedora-9-Beta-x86_64-DVD.iso to contain sha1sums.
acording http://fedoraproject.org/wiki/Distribution/Download
I expect sha1sum to responce that 
" ...no properly formatted SHA1 checksum lines found"
Not some biary rubis.
I agree on that this is not bug in "Xfce Terminal".
I had too gess on something. 
Comment 6 Kevin Fenzi 2008-03-28 18:53:58 EDT
1. The iso file _has_ a sha1sum, which you check against a list contained in the
SHA1SUM file. From the link you mention: 

2. Indeed. This may be a bug in the sha1sum program. Would you like me to
re-open this and see if we can get that fixed?

3. No problem, I am happy to help route your bug the right place... 
as mentioned in Comment #4 from Andre, the component here should be 'coreutils'. 
Comment 7 Flóki Pálsson 2008-03-28 19:14:47 EDT
'I am happy to help route your bug the right place.'
Thank you.
I thing my mom would like that.
Comment 8 Ondrej Vasik 2008-04-16 09:19:41 EDT
Thanks for report, one potential segfault in md5sum/sha1sum (which could lead to
the result you have reported) was recently found and fixed by coreutils
upstream. I included that fix in latest rawhide build coreutils-6.10-20.fc9,
changing status to MODIFIED because I can't check it from home (no failing ISO
file available and no will to download it :) ). Please confirm the fix if
possible, otherwise I will try to check it later this week and close the
bugzilla RAWHIDE. 
Comment 9 Flóki Pálsson 2008-04-16 14:35:20 EDT
Yes it works in FC9

[floki@localhost ~]$ rpm -q coreutils

[floki@localhost verkf]$ sha1sum -b Fedora-9-Beta-x86_64-DVD.iso

ef4f37cb164d0b4e29ebda0f9c296919c9ba7fa9 *Fedora-9-Beta-x86_64-DVD.iso
[floki@localhost verkf]$ 

Hash: SHA1

ef4f37cb164d0b4e29ebda0f9c296919c9ba7fa9  Fedora-9-Beta-x86_64-DVD.iso
Comment 10 Andre Robatino 2008-04-16 14:39:40 EDT
  The bug you reported is for the -c option (as indicated by your attachment in
comment #1).  What does

sha1sum -c Fedora-9-Beta-x86_64-DVD.iso

Comment 11 Flóki Pálsson 2008-04-16 14:53:30 EDT
Same error.
I will check again when coreutils-6.10-20.fc9 is instaled.
Comment 12 Flóki Pálsson 2008-04-16 22:12:12 EDT
 coreutils-6.10-20.fc9 was not in latest FC9 Fedora Rawhide.
That is  the only  repository I can use. Network problems with others.

"Cannot retrieve repository metadata (repomd.xml) for repository:
updates-testing. Please verify its path and try again."
Comment 13 Ondrej Vasik 2008-04-17 04:18:51 EDT
Unfortunately there is devel freeze now in fc9/rawhide, sorry for not mentioning
that. You can download the rpm on
http://koji.fedoraproject.org/koji/buildinfo?buildID=46291 .
Comment 14 Flóki Pálsson 2008-04-17 19:16:10 EDT
Same result. Error. Rubbish output. 

[floki@localhost ~]$ rpm -q coreutils
[floki@localhost ~]$ 
Comment 15 Ondrej Vasik 2008-04-18 10:27:57 EDT
Ok. I'm able to reproduce it now (even with some other DVD ISO's). Solution
could be by limiting file_name size in split_3 function of md5sum.c (and adding
\0 terminator to the end of string to prevent overflow). Although it is problem
of bad usage of sha1sum command, it is a problem upstream too, therefore adding
upstream maintainer of coreutils to cc (as he may have different idea how to
solve it).
Comment 16 Andre Robatino 2008-04-18 11:15:22 EDT
Could you explain in simple terms why it sometimes behaves this way and what
it's busy doing internally?  Is it similar to a buffer overrun (with the
associated security issues)?
Comment 17 Ondrej Vasik 2008-04-18 11:54:49 EDT
In simple terms... 
When you use -c option in sha1sum, it expects sha1sums and file names in the
file.   There is no such line in iso. But unfortunately, usually there are no
such lines in iso file. 
Each line is split and usually no valid formatting is found in iso. But rarely
it passes through(when hex_digits() returns true) and tries to open file (with
invalid name). This fails and file name string is displayed. Because there is no
\0 terminator in that string, it overflows and makes rubbish in terminal. 
Comment 18 Ondrej Vasik 2008-04-18 11:57:27 EDT
Created attachment 302898 [details]
Patch for sha1sum -c correction

This one patch seems to be fixing problem... But I have to check if it is not
breaking something.
Comment 19 Ondrej Vasik 2008-04-18 12:10:17 EDT
(In reply to comment #17)
Forget this comment, Friday afternoon and illness :( ... Comment #18 should be
better ;) 

Comment 20 Ondrej Vasik 2008-04-18 13:44:05 EDT
Built as coreutils-6.10-21.fc9, with the patch attached in comment #18 (as there
is devel freeze , rpms located in
http://koji.fedoraproject.org/koji/buildinfo?buildID=46586 , it worked for me),
changing status to MODIFIED.
Comment 21 Jim Meyering 2008-04-19 02:04:35 EDT
Thank you for the report!

The fact that md5sum -c can print surprising output in a case like
this is more a case of GIGO (garbage in garbage out) than a bug.
However, there is a bug when the checksum digit string contains
one or more NUL bytes.

I've just fixed that upstream:

BTW, the patch in #18 works only when the first byte is NUL.
Comment 22 Ondrej Vasik 2008-04-19 03:16:03 EDT
Jim: Thanks for the quick fix. Patch from comment #18 worked for the bad ISO
file input, because the while loop was skipped for the case that first byte of a
line was NUL and true was returned from hex_digits(). Otherwise it returned
false because the garbage from ISO line is usually not hex string.

Will use your patch in next rawhide build (as the patch from #18 is more
workaround for that bugzilla and is not covering all hex_digits buggy cases).
Thanks once more time.
Comment 23 Fedora Update System 2008-05-13 17:04:16 EDT
coreutils-6.10-22.fc9 has been submitted as an update for Fedora 9
Comment 24 Fedora Update System 2008-05-14 18:15:43 EDT
coreutils-6.10-22.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 25 Andre Robatino 2008-05-16 16:56:06 EDT
On F9 with the latest coreutils package, it reads through the entire ISO file
but doesn't print gibberish anymore:

[root@localhost ~]# sha1sum -c Fedora-9-i386-DVD.iso
sha1sum: Fedora-9-i386-DVD.iso: no properly formatted SHA1 checksum lines found
[root@localhost ~]#