Bug 196694

Summary: libmd doesn't detect EOF properly; can get stuck in an infinite loop in MDXFileChunk
Product: Base System
Component: bin
Status: Closed FIXED
Severity: Affects Some People
Priority: ---
Version: CURRENT
Hardware: Any
OS: Any
Reporter: Enji Cooper <ngie>
Assignee: Enji Cooper <ngie>
CC: benno, darius, delphij, des, phk
Flags: ngie: mfc-stable10+, ngie: mfc-stable9+, ngie: mfc-stable8-
Attachments: Patch for fixing the md5 infinite loop (flags: none)

Description Enji Cooper freebsd_committer freebsd_triage 2015-01-13 19:26:45 UTC
Created attachment 151578
Patch for fixing the md5 infinite loop

read(2) can return 0 if an EOF is encountered. The problem is that the loop in MDXFileChunk doesn't account for this, so any callers of the API can encounter an infinite loop on EOF (which includes md5).

The attached patch addresses this issue.

Sponsored by: EMC / Isilon Storage Division
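
The failure mode described in the report, as an added example (not part of the original report and not the FreeBSD patch): a chunk-reading loop that only stops on `read(2) < 0` stalls when the file is shorter than the requested length, while one that also stops on a 0 return finishes. `read_chunk`, `make_short_file`, the byte-sum `update` stand-in and the `max_spins` guard are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Stand-in for the digest update (assumption): a byte sum, not MD5. */
static unsigned long sum;
static void update(const unsigned char *p, size_t n) { while (n--) sum += *p++; }

/*
 * Consume up to len bytes from fd. With stop_on_eof == 0 only read() < 0 ends
 * the loop, so a 0 return (EOF) makes no progress; max_spins bounds that case
 * so the demo terminates. Returns bytes consumed, or -1 if the loop stalled.
 */
static off_t read_chunk(int fd, off_t len, int stop_on_eof, int max_spins)
{
	unsigned char buf[4096];
	off_t n = len;
	int spins = 0;
	sum = 0;
	while (n > 0) {
		ssize_t i = read(fd, buf, n > (off_t)sizeof(buf) ? sizeof(buf) : (size_t)n);
		if (i < 0 || (stop_on_eof && i == 0))
			break;			/* error, or EOF before len bytes */
		if (i == 0 && ++spins >= max_spins)
			return -1;		/* unguarded, this spins forever */
		update(buf, (size_t)i);
		n -= i;
	}
	return len - n;
}

/* Constructed input: a 10-byte temporary file, rewound to offset 0. */
static int make_short_file(void)
{
	char path[] = "/tmp/eofdemoXXXXXX";
	int fd = mkstemp(path);
	if (fd < 0 || unlink(path) != 0 || write(fd, "0123456789", 10) != 10)
		return -1;
	return lseek(fd, 0, SEEK_SET) == 0 ? fd : -1;
}

int main(void)
{
	int fd = make_short_file();
	if (fd < 0) return 1;
	printf("EOF ignored: %lld\n", (long long)read_chunk(fd, 100, 0, 1000));
	lseek(fd, 0, SEEK_SET);
	printf("EOF checked: %lld\n", (long long)read_chunk(fd, 100, 1, 1000));
	return 0;
}
```

A caller that needs the full length should compare the returned byte count with the length it asked for, since a short result means the file ended early.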

Comment 1 Enji Cooper freebsd_committer freebsd_triage 2015-01-13 19:27:33 UTC
CCing potentially interested stakeholders.

Comment 2 commit-hook freebsd_committer freebsd_triage 2015-04-24 11:04:02 UTC
A commit references this bug:

Author: ngie
Date: Fri Apr 24 11:03:48 UTC 2015
New revision: 281928
URL: https://svnweb.freebsd.org/changeset/base/281928

Log:
  Avoid an infinite loop by ensuring that the amount of bytes read is greater
  than 0 in MDXFileChunk when calculating the checksum

  This edge case can be triggered if the file is truncated while the checksum
  is being calculated (i.e. the EOF is reached)

  Differential Revision: https://reviews.freebsd.org/D2351 (patch by darius)
  PR: 196694
  Reviewed by: delphij, ngie
  Submitted by: Daniel O'Connor <darius@dons.net.au>
  Sponsored by: EMC / Isilon Storage Division

Changes:
  head/lib/libmd/mdXhl.c

Comment 3 commit-hook freebsd_committer freebsd_triage 2015-05-18 10:45:38 UTC
A commit references this bug:

Author: ngie
Date: Mon May 18 10:45:19 UTC 2015
New revision: 283054
URL: https://svnweb.freebsd.org/changeset/base/283054

Log:
  MFC r281928:

  Avoid an infinite loop by ensuring that the amount of bytes read is greater
  than 0 in MDXFileChunk when calculating the checksum

  This edge case can be triggered if the file is truncated while the checksum
  is being calculated (i.e. the EOF is reached)

  Differential Revision: https://reviews.freebsd.org/D2351 (patch by darius)
  PR: 196694
  Reviewed by: delphij, ngie
  Submitted by: Daniel O'Connor <darius@dons.net.au>
  Sponsored by: EMC / Isilon Storage Division

Changes:
_U  stable/10/
  stable/10/lib/libmd/mdXhl.c

Comment 4 commit-hook freebsd_committer freebsd_triage 2015-05-18 10:47:40 UTC
A commit references this bug:

Author: ngie
Date: Mon May 18 10:46:52 UTC 2015
New revision: 283055
URL: https://svnweb.freebsd.org/changeset/base/283055

Log:
  MFstable/10 r283054:

  MFC r281928:

  Avoid an infinite loop by ensuring that the amount of bytes read is greater
  than 0 in MDXFileChunk when calculating the checksum

  This edge case can be triggered if the file is truncated while the checksum
  is being calculated (i.e. the EOF is reached)

  Differential Revision: https://reviews.freebsd.org/D2351 (patch by darius)
  PR: 196694
  Reviewed by: delphij, ngie
  Submitted by: Daniel O'Connor <darius@dons.net.au>
  Sponsored by: EMC / Isilon Storage Division

Changes:
_U  stable/9/
_U  stable/9/lib/
  stable/9/lib/libmd/mdXhl.c