Hi,

Aaron Stone wrote:

Funny you should mention the fgets() in read_line(), I just noticed that this
morning, too! This was my fix:

       tmpline = fgets(tmpline, MAX_LINE_SIZE, instream);
+      if (!tmpline)
+          continue;
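Review bot: `continue` on a NULL result is only safe when fgets() returned NULL because of end-of-file; if it fails for any other reason (ferror() set, feof() not), the loop never terminates, which is the infinite-loop case the author is worried about. A second problem is in the unchanged line `tmpline = fgets(tmpline, MAX_LINE_SIZE, instream);`: the return value is assigned back into the buffer pointer, so once it is NULL the next iteration calls fgets(NULL, ...). Keep the buffer pointer separate from the return value and leave the loop on NULL (`break`, or check ferror() and bail out) rather than continuing.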

On the next turn around the while loop, feof(instream) stops the loop.
Although I'm also thinking that this might be inviting trouble in the form of
an infinite loop if there was some other reason for fgets() to return NULL...
what was your solution?

    tmpline = fgets(tmpline, MAX_LINE_SIZE, instream);
    if (!tmpline)
        break;


The makemd5() function looks like it's on shaky ground to me. Lots of magic
numbers being used for things... but it's within the md5 functions that the
problem is occurring...

Ok, try this: in makemd5(), change result[16] to be twice as large. Don't
change the size of the malloc(33), since we can use valgrind to try to catch
the memory error to confirm my theory. What I'm thinking is that perhaps the
gdm_md5_final() function is producing a larger result due to being 64 bit, and
smashing the stack by running off the end of result[16].
Doesn't help I'm afraid.

Strange thing though. Without -O2, the error seems to be in the md5 functions, but with -O2, it's in PQescapeString (on PostgreSQL of course).

Ilja

Aaron


Ilja Booij <[EMAIL PROTECTED]> said:


Hi all,

A few days ago Paul F De La Cruz told us that dbmail was crashing on his
Dual Opteron system. He has given me the opportunity to use his system for debugging.

I actually found two bugs. One was a bug that I could reproduce on my own systems.

It's located in header.c, in the function read_header(). In line 72, fgets can return NULL. There was no check for this, so the strlen() on line 73 segfaulted.

After fixing this bug, I happily, and wrongly ;), concluded that I had fixed it all! Paul told me that the thing was still segfaulting. It turned out to be the makemd5() function from dbmd5.c that eventually (somewhere deep down in the md5 functions) overwrites some memory it should not overwrite. The md5 algorithm is pretty unclear to me, so I cannot find what is going wrong.

Running valgrind on x86 did not reveal any problems.

Does anyone have an idea how to fix this?

Ilja
_______________________________________________
Dbmail-dev mailing list
Dbmail-dev@dbmail.org
http://twister.fastxs.net/mailman/listinfo/dbmail-dev
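As an added example (not code from the thread or from dbmail), here is a read-header loop of the kind Ilja describes, with the fgets() NULL result handled: feof() ends the loop, a read error (ferror()) aborts it instead of spinning, and the buffer pointer is kept apart from the fgets() return value so a NULL can never become the buffer for the next call. The function names count_header_lines and count_header_lines_in are chosen here, and the sample messages are constructed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_LINE_SIZE 1024

/* Read header lines until a blank line or end of input, like the
 * read_header()/read_line() loop discussed in the thread, but with the
 * fgets() NULL result checked. Returns the number of header lines, or
 * -1 when fgets() failed for a reason other than end-of-file, so a
 * broken stream cannot send the caller into an endless loop. */
long count_header_lines(FILE *instream)
{
    char buf[MAX_LINE_SIZE];
    long count = 0;

    while (!feof(instream)) {
        /* keep the buffer pointer separate from the return value */
        char *line = fgets(buf, MAX_LINE_SIZE, instream);
        if (!line) {
            if (ferror(instream))
                return -1;   /* genuine read error, not EOF: bail out */
            break;           /* EOF with nothing read: header is done */
        }
        /* strlen() is safe here only because line is known non-NULL */
        if (strlen(line) == 1 && line[0] == '\n')
            break;           /* blank line terminates the header block */
        if (line[0] == '\r' && line[1] == '\n')
            break;           /* same for a CRLF blank line */
        count++;
    }
    return count;
}

/* Wrapper for a constructed message held in memory (hypothetical
 * helper): tmpfile() gives a standard C read/write stream. */
long count_header_lines_in(const char *message)
{
    long n;
    FILE *f = tmpfile();
    if (!f)
        return -1;
    fputs(message, f);
    rewind(f);
    n = count_header_lines(f);
    fclose(f);
    return n;
}
```

A message whose headers are cut off by EOF without a blank separator line no longer crashes in strlen(); it simply yields the lines read so far.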