Bug 2370639 - SEGV due to conflicting hmac_md5() functions
Summary: SEGV due to conflicting hmac_md5() functions
Keywords:
Status: NEW
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: pam_radius
Version: epel9
Hardware: All
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Iker Pedrosa
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2025-06-06 12:19 UTC by Steve Atkins
Modified: 2025-06-06 12:19 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Type: Bug
Embargoed:



Description Steve Atkins 2025-06-06 12:19:53 UTC
Description of problem:

Upgrading pam_radius.so from 2.0.0-3 to 2.0.0-4 causes an application using
it to SEGV, due to a collision with the hmac_md5 function.

Version-Release number of selected component (if applicable):

2.0.0-4

How reproducible:


Steps to Reproduce:
1. Have installed application, running correctly, that contains the function
hmac_md5 (from libesmtp):

  void hmac_md5 (const void *challenge, size_t challenge_len,
                 const void *secret, size_t secret_len,
                 unsigned char digest[16]);

2. Upgrade pam_radius.so to 2.0.0-4

3. Use PAM authentication with a facility configured to use pam_radius.so

Actual results:

SEGV.

Stack trace shows that /usr/lib64/security/pam_radius_auth.so has called the hmac_md5()
function within the application, not the one provided by pam-radius-message-auth.patch,
which then ends up in MD5_Update from libcrypto.so.3 and finally ends up SEGVing in libc.

Expected results:

Not SEGV.

Additional info:

Patching the application to rename the hmac_md5() function to something else avoids the issue.
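
A check for the kind of collision reported above, as an added example that is not part of the original report or of pam_radius: it compares `nm -D --defined-only` listings of a host program and a loadable module and reports the names both export. The two listings are constructed sample input, and the helper names are hypothetical.

```python
"""Flag dynamic symbols that a host program and a loaded module both export."""

# `nm -D --defined-only` prints "<address> <type> <name>". These type letters
# mark global, weak, unique or ifunc definitions that dynamic lookup can bind to.
EXPORTED_TYPES = set("TDBRGSWViu")

# Linker-generated names that appear in most objects and are not real conflicts.
IGNORED = {"_init", "_fini", "_edata", "_end", "__bss_start"}


def defined_symbols(nm_output):
    """Return {name: type letter} for exported definitions in nm output text."""
    symbols = {}
    for line in nm_output.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # blank lines, file headers, undefined entries
        _addr, sym_type, name = fields
        if sym_type in EXPORTED_TYPES:
            # Drop a symbol-version suffix such as "name@@VERSION".
            symbols[name.split("@", 1)[0]] = sym_type
    return symbols


def colliding_symbols(host_nm, module_nm):
    """Names exported by both objects; a module's call to one of these may
    resolve to the host's definition instead of the module's own."""
    host = defined_symbols(host_nm)
    module = defined_symbols(module_nm)
    return sorted((set(host) & set(module)) - IGNORED)


# Constructed sample listings (addresses are made up).
HOST_NM = """\
0000000000001000 T _init
0000000000001200 T hmac_md5
0000000000001400 T smtp_create_session
0000000000004010 B __bss_start
"""
MODULE_NM = """\
0000000000001000 T _init
0000000000002000 T pam_sm_authenticate
0000000000002400 T pam_sm_setcred
0000000000002800 T hmac_md5
"""

if __name__ == "__main__":
    for name in colliding_symbols(HOST_NM, MODULE_NM):
        print("exported by both host and module:", name)
```

A reported name is only a candidate: whether the module actually binds to the host's copy depends on how the module was linked and loaded. Helpers that are declared `static` or built with hidden visibility never appear in the `nm -D` listing and cannot collide this way.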

