bin/171402: fetch(1): Authentication error or Segmentation fault
on HTTPS:// URLs
Mark Johnston
markjdb at gmail.com
Sun Sep 9 07:20:09 UTC 2012
The following reply was made to PR bin/171402; it has been noted by GNATS.
From: Mark Johnston <markjdb at gmail.com>
To: bug-followup at FreeBSD.org, ohartman at zedat.fu-berlin.de
Cc:
Subject: Re: bin/171402: fetch(1): Authentication error or Segmentation fault
on HTTPS:// URLs
Date: Sun, 9 Sep 2012 03:15:48 -0400
--VrqPEDrXMn8OVzN4
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
I managed to figure out what the problem is, took a while though. =)
libfetch uses both libmd (for HTTP digest authentication) and libcrypto
(through libssl for HTTPS). The problem is that some libcrypto's hash
functions (e.g. SHA256) use the same prototypes as in libmd. For some
reason, fetch(1) links with libmd, so libmd's functions end up getting
used by libcrypto instead of libcrypto's hash functions. In princple
I think this should be fine, but the problem is that libmd's prototypes
are slightly different. Specifically, the _Init, _Update and _Final
functions for the alorithms don't return anything, whereas libcrypto's
implementations return an int.
libcrypto actually checks the return values from these functions, so
libcrypto/libssl will behave differently depending on what the libmd
functions leave behind in %rax as a return value. Compiling libmd with
clang just result in a different outcome (segfault instead of auth
error); the problem is there regardless of which compiler is used.
This can be 'fixed' by simply removing the libmd dependency from
fetch(1). It doesn't need it, and the libmd symbols used by libfetch
aren't in libcrypto. This way, libcrypto will come first in the library
path and the expected hash function implementations will be used. It's a
bit sketych, and I'll try to audit the rest of the base for similar
issues, but this particular problem should be fixed quickly, as it means
that libfetch+https is quite broken.
Thanks,
-Mark
--VrqPEDrXMn8OVzN4
Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment; filename="fetch_libmd.patch"
diff --git a/usr.bin/fetch/Makefile b/usr.bin/fetch/Makefile
index 6f0db80..5686fc6 100644
--- a/usr.bin/fetch/Makefile
+++ b/usr.bin/fetch/Makefile
@@ -4,8 +4,8 @@
PROG= fetch
CSTD?= c99
-DPADD= ${LIBFETCH} ${LIBMD}
-LDADD= -lfetch -lmd
+DPADD= ${LIBFETCH}
+LDADD= -lfetch
.if ${MK_OPENSSL} != "no"
DPADD+= ${LIBSSL} ${LIBCRYPTO}
LDADD+= -lssl -lcrypto
--VrqPEDrXMn8OVzN4--
More information about the freebsd-bugs
mailing list