This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/14090] New: md5_process_block() produces incorrect result with large block sizes
- From: "belyshev at depni dot sinp.msu.ru" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Thu, 10 May 2012 13:41:29 +0000
- Subject: [Bug libc/14090] New: md5_process_block() produces incorrect result with large block sizes
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=14090
Bug #: 14090
Summary: md5_process_block() produces incorrect result with
large block sizes
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: unassigned@sourceware.org
ReportedBy: belyshev@depni.sinp.msu.ru
CC: drepper.fsp@gmail.com
Classification: Unclassified
crypt/md5.c: md5_process_block() (lines 319..321) contains this code for total
length handling. With large block sizes (ctx->total[0] + len) can exceed 8 GB,
thus the total[1] needs to be incremented more than by one:
------------------------------------------------------------------------------
/* First increment the byte count. RFC 1321 specifies the possible
length of the file up to 2^64 bits. Here we only compute the
number of bytes. Do a double word increment. */
ctx->total[0] += len;
if (ctx->total[0] < len)
++ctx->total[1];
------------------------------------------------------------------------------
This bug affects various copies of the same code located in gcc, sources and
gnulib repositories, and probably others, though it is rather hard to trigger
it: md5_process_block() is usually never fed with many gigabytes at once.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.