Bug 1303428 - Checksum calculation may lead to memory exhaustion
Checksum calculation may lead to memory exhaustion
Status: CLOSED DUPLICATE of bug 1175759
Product: Fedora Documentation
Classification: Fedora
Component: install-guide (Show other bugs)
devel
All Windows
unspecified Severity low
: ---
: ---
Assigned To: Pete Travis
Fedora Docs QA
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-31 12:24 EST by Ansgar Wiechers
Modified: 2016-02-02 09:30 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-02-02 09:30:41 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ansgar Wiechers 2016-01-31 12:24:19 EST
Description of problem:

Chapter 3.3.1 of the Installation Guide[1] ("Verifying checksums on Windows systems") suggests to pass the image as a byte array to the ComputeHash() method for calculating the SHA-256 checksum:

> $download_checksum = [System.BitConverter]::ToString($sha256.ComputeHash([System.IO.File]::ReadAllBytes("$PWD\$image"))).ToLower() -replace '-', ''

This reads the entire image into memory and may thus result in memory exhaustion (System.OutOfMemoryException), depending on the size of the image and the available memory in the computer running the verification.


Solution:

Read the image as a stream[2] instead of a byte array.

> $stream = (Get-Item "$PWD\$image").OpenRead()
> $hash = $sha256.ComputeHash($stream)
> $stream.Close()
> $download_checksum = [System.BitConverter]::ToString($hash).ToLower() -replace '-'


 [1]: https://docs.fedoraproject.org/en-US/Fedora/23/html/Installation_Guide/sect-verifying-images.html
 [2]: https://msdn.microsoft.com/en-us/library/xa627k19.aspx
Comment 1 Pete Travis 2016-02-02 09:30:41 EST

*** This bug has been marked as a duplicate of bug 1175759 ***

Note You need to log in before you can comment on or make changes to this bug.