Bug 163664 - /usr/lib64/libmd5.so is broken.
Summary: /usr/lib64/libmd5.so is broken.
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: w3c-libwww
Version: 4.0
Hardware: x86_64
OS: Linux
medium
medium
Assignee: Harald Hoyer
Reported: 2005-07-20 02:49 UTC by Dennis
Modified: 2007-11-30 22:07 UTC (History)

Fixed In Version: RHSA-2007-0208
Doc Type: Bug Fix
Last Closed: 2007-05-01 17:35:24 UTC
Attachments
The testmd5.c C program. (529 bytes, text/plain)
2005-07-20 02:57 UTC, Dennis
Links
System: Red Hat Product Errata
ID: RHSA-2007:0208
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Low: w3c-libwww security and bug fix update
Last Updated: 2007-05-01 17:35:22 UTC

Description Dennis 2005-07-20 02:49:56 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041111 Firefox/1.0

Description of problem:
The 64-bit version of libmd5.so (e.g. /usr/lib64/libmd5.so.0.1.0)
does not work.

The 32-bit version of libmd5.so (e.g. /usr/lib/libmd5.so.0.1.0)
does work correctly.

The following test program (named testmd5.c) highlights the flaw.

#include <stdio.h>
#include <string.h>
#ifdef __linux__
typedef int caddr_t;
# define PROTOTYPES 1
# include <md5global.h>
# include <md5.h>
#else
# include <md5.h>
#endif

int
main()
{
    MD5_CTX mdContext;
    MD5Init(&mdContext);
    const char* str = "hello world";
    MD5Update(&mdContext, (unsigned char*)str, strlen(str));
    unsigned char digest[16];
    MD5Final(digest, &mdContext);

    int i;
    for (i = 0; i < 16; i++)
    {
        printf("%02x",  (digest[i] & 0xff));
    }
    printf("\n");

    return 0;
}

Compile and run via (this will not work)

# gcc -m64 testmd5.c -lmd5 -o testmd5 && ./testmd5

A 32-bit build does work via

# gcc -m32 testmd5.c -lmd5 -o testmd5 && ./testmd5

I believe the problem relates to the file 'md5.h' of the
source rpm package  w3c-libwww-5.4.0-10.src.rpm,
in the expanded directory 'w3c-libwww-5.4.0/modules/md5/'.

The 'md5.h' file in the above listed directory contains
a 64-bit error. Lines 44 and 45 are

/* UINT4 defines a four byte word */
typedef unsigned long int UINT4;

This is wrong; in 64-bit Linux, longs and pointers are
64-bit, not 32-bit. The above-listed UINT4 will actually
be 8 bytes long.

The fix is to remove 'long', e.g.

/* UINT4 defines a four byte word */
typedef unsigned int UINT4;

After doing that the 64-bit libmd5.so works correctly.

I would like this fix applied to Red Hat EL4 (x86_64/ia64/ppc64)
and possibly Fedora Core as well.

Version-Release number of selected component (if applicable):
w3c-libwww-5.4.0-10

How reproducible:
Always

Steps to Reproduce:
1. Compile testmd5.c (contained in the description section) via
# gcc -m64 testmd5.c -lmd5 -o testmd5

2. Run
# ./testmd5

  

Actual Results:  The following incorrect output was produced.

b746ca570487aa55ab3f1dff25d7949a
Segmentation fault


Expected Results:  The following correct output should be produced

5eb63bbbe01eeed093cb22bb8f5acdc3

Additional info:

Line 45 of md5.h of the package w3c-libwww-5.4.0/modules/md5
is wrong, the following incorrect typedef should be changed from

typedef unsigned long int UINT4;

to the correct value

typedef unsigned int UINT4;
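
Added example (not part of the original report or of the w3c-libwww sources): the first round-1 step of MD5 as described in RFC 1321, run once with a 4-byte word and once with an 8-byte word standing in for `unsigned long` on an LP64 system, together with a compile-time size guard for the typedef. The names wide_word, DEFINE_FF, ff32, ff64, step32 and step64 are made up for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* The "four byte word" as a fixed-width type, plus a compile-time guard:
   the build fails if UINT4 is ever anything other than 4 bytes. */
typedef uint32_t UINT4;
_Static_assert(sizeof(UINT4) == 4, "UINT4 must be exactly 4 bytes");

/* Stand-in for `unsigned long` on an LP64 target such as x86_64
   (hypothetical name, not taken from md5.h). */
typedef uint64_t wide_word;

/* One MD5 round-1 step, a = b + rotl(a + F(b,c,d) + x + ac, s), generated
   per word type. The rotate and the additions assume a 32-bit word. */
#define DEFINE_FF(name, T)                                         \
    static T name(T a, T b, T c, T d, T x, unsigned s, T ac)       \
    {                                                              \
        a += ((b & c) | (~b & d)) + x + ac;                        \
        a = (a << s) | (a >> (32 - s));                            \
        return a + b;                                              \
    }
DEFINE_FF(ff32, UINT4)
DEFINE_FF(ff64, wide_word)

/* First step of the first block: MD5 initial chaining values,
   shift 7 and additive constant 0xd76aa478, x = first message word. */
UINT4 step32(UINT4 x)
{
    return ff32(0x67452301u, 0xefcdab89u, 0x98badcfeu, 0x10325476u,
                x, 7, 0xd76aa478u);
}

wide_word step64(wide_word x)
{
    return ff64(0x67452301u, 0xefcdab89u, 0x98badcfeu, 0x10325476u,
                x, 7, 0xd76aa478u);
}

int main(void)
{
    UINT4 x = 0x6c6c6568u; /* "hell", the first 4 bytes of "hello world" */
    printf("4-byte word: %08lx\n", (unsigned long)step32(x));
    printf("8-byte word: %016llx\n", (unsigned long long)step64(x));
    return 0;
}
```

With the 8-byte word, the carries out of bit 31 are kept in the upper half of the value instead of being discarded, so the state no longer follows 32-bit modular arithmetic.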

Comment 1 Dennis 2005-07-20 02:57:16 UTC
Created attachment 116963 [details]
The testmd5.c C program.

Comment 2 Harald Hoyer 2005-11-10 14:55:24 UTC
does this version fix your issue?
ftp://people.redhat.com/harald/w3c-libwww/5.4.0-10.1.RHEL4.1/

Comment 3 Dennis 2005-11-10 23:35:37 UTC
Yes, this fixes our issue.

Thanks.

One question: which versions of Red Hat EL Linux (update level??) and 
Fedora Core are expected to contain this fix?

This can help us plan out minimum Linux requirements for our
software.

Regards,

Dennis.

Comment 4 Patrice Dumas 2006-07-24 06:49:21 UTC
For RHEL I don't know, but the fix is in Fedora Extras corresponding
with Fedora Core 5. It doesn't seem to be in Fedora Core 4.

Comment 5 RHEL Program Management 2006-08-18 17:32:08 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 8 Jan Hutař 2006-11-22 17:38:39 UTC
Hello,
could you please review the following results (mainly amd64-4as, s390-4as and
ppcp-4as)?
  I checked "ls -al /usr/lib/libmd5*" and "ls -al /usr/lib64/libmd5*" on these
amd64-4as, s390-4as and ppcp-4as systems and both dirs contain
libmd5.so.0.1.0, so it seems quite strange to me - but I'm not Cgeek :)
Thanks a lot.

TEST:
  1. echo -n "hello world" | md5sum
  2. gcc testmd5.c -lmd5 -o testmd5 && ./testmd5   # observe result
  3. gcc -m32 testmd5.c -lmd5 -o testmd5-32 && ./testmd5-32   # observe result
  4. gcc -m64 testmd5.c -lmd5 -o testmd5-64 && ./testmd5-64   # observe result
  If hashes from 1. and 2. (3., 4.) are same and program ends with $? = 0, then PASS
  Else FAIL

RESULTS:
5.4.0-10:
2. s390-4as, ppcp-4as, i386-4as: PASS
   s390x-4as: FAIL (outputs "00000000000000000000000000000000")
   amd64-4as: FAIL (outputs "b746ca570487aa55ab3f1dff25d7949a"; Segmentation fault)
   ia64-4as: FAIL (outputs "b746ca570487aa55ab3f1dff25d7949a")
3. s390x-4as, s390-4as, ia64-4as: FAIL (EXPECTED; no such option for this arch)
   ppcp-4as, i386-4as: PASS
   amd64-4as: FAIL (WHY?, "/usr/bin/ld: skipping incompatible /usr/lib64/libmd5.so when searching for -lmd5")
4. s390x-4as: FAIL (outputs "00000000000000000000000000000000")
   s390-4as, ppcp-4as: FAIL (WHY?, "skipping incompatible /usr/lib/gcc/s390-redhat-linux/3.4.6/../../../libmd5.so when searching for -lmd5")
   amd64-4as: FAIL (Segmentation fault; outputs "b746ca570487aa55ab3f1dff25d7949a")
   ia64-4as: FAIL (EXPECTED; "no such option for this arch")
   i386-4as: FAIL (EXPECTED; "sorry, unimplemented: 64-bit mode not compiled in")

5.4.0-10.1:
2. all: PASS
3. s390x-4as, s390-4as, ia64-4as: FAIL (EXPECTED; invalid option)
   ppcp-4as, i386-4as: PASS
   amd64-4as: FAIL (WHY?; "/usr/bin/ld: skipping incompatible /usr/lib64/libmd5.so when searching for -lmd5")
4. s390x-4as, amd64-4as: PASS
   s390-4as, ppcp-4as: FAIL (WHY?; "/usr/bin/ld: skipping incompatible /usr/lib/gcc/s390-redhat-linux/3.4.6/../../../libmd5.so when searching for -lmd5")
   ia64-4as: FAIL (EXPECTED; invalid option)
   i386-4as: FAIL (EXPECTED; unimplemented)

Comment 9 Dennis 2006-11-23 02:29:46 UTC
Is the request to review being aimed at me, the original submitter?

I'd think not, probably fellow Red Hat engineers are the intended target.

My 2cents, the results look good on amd64-4as (as expected), my platform
of interest.

Question: will the fix be in Red Hat EL5? Will the fix be in an EL4
point release?

Dennis.

Comment 10 Jan Hutař 2006-11-23 16:34:26 UTC
Hi Dennis,
the request is aimed at the assigned developer. I have it working now too (see my next
post ;-)).

Comment 11 Jan Hutař 2006-11-23 17:20:37 UTC
So, thanks to the great and patient help of jpazdziora and a few others on IRC, I
discovered my mistake, so the reviewed results follow (only for the new 5.4.0-10.1):

RESULTS:
5.4.0-10.1:
2. all: PASS
3. s390x-4as, s390-4as, ia64-4as: FAIL (EXPECTED; invalid option)
   ppcp-4as, i386-4as, amd64-4as(*): PASS
4. s390x-4as, amd64-4as, ppcp-4as(**): PASS
   s390-4as: FAIL (EXPECTED; no 64bit libs installed)
   ia64-4as: FAIL (EXPECTED; invalid option)
   i386-4as: FAIL (EXPECTED; unimplemented)

(*) used command: gcc -m32 testmd5.c /usr/lib/libmd5.so.0.1.0 -o testmd5-32   # (there is only libmd5.so.0.1.0 in /usr/lib/, there is no libmd5.so)
(**) used command: gcc -m64 testmd5.c /usr/lib64/libmd5.so.0 -o testmd5-64   # (there is only libmd5.so.0.1.0 in /usr/lib64/, there is no libmd5.so)

Does this seem sane to you?

Comment 12 Harald Hoyer 2007-01-22 10:31:22 UTC
yes

Comment 16 Red Hat Bugzilla 2007-05-01 17:35:25 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2007-0208.html