Red Hat Bugzilla – Bug 202043
MD5 libclamav library name collision with openssl
Last modified: 2007-11-30 17:11:40 EST
There is a procedure name collision between libclamav and openssl
both use name as
MD5_Init, MD5_Update, MD5_Final as public subroutine.
(fact is both include a module named md5.c)
If an application (clement in my case) use libclamav AND start a TLS connection,
openssl can/may use
MD5 library from libclamav instead of libcrypto.
this will generate a rather ugly crash (stack fully overwrite)
Rather difficult, first noticed on a RH7.3 using openssl 0.9.6 and
clamav 0.88.3. seems to depend the order crypto and clamav are
found within the dynamic lbrary cache on the running system.
clamav changed its md5.c module between 088.2 and 0.88.3 (previously
procedure were named MD5Init instead of MD5_init).
Big Huge Crash (traces wiped-out within core dump)
Point was proved, while changing the MD5 subrouting name within clamav
and reinstalling clamav, everything equal otherwise, the clement
application didn't crash.
My guess, clamav should either depend on openssl/crypto (first option) or rename
its MD5 routine name (second option).
just checked with current extras (clamav-0.88.4) and FC6 (openssl-0.9.8b),
library name still colide.
Can you check whether
solves your problem (FC-5 CVS branch), please?
I do confirm , patch is doing the trick...
Done it on plain legacy RH7.3.
With a standard clamav.0.88.4 application crash (as previously), once
the patch apply and RPM Delta installed (0.88.4-X), no crash anymore (everything
From my stand point its a "go". Many thanks....
(Do you know if Clamav team will take the patch inside their own release?)
ok; closing bug...