Public bug reported:
cryptcab decided to treat crc32 values as a string for some reason. In
doing so, it incorrectly compares two crc32 values:
int
isvalid_crc32(unsigned char *block, int len)
{
unsigned char *crc=(unsigned char *)crc32(block,len-4);
if(strncmp((char*)block+(len-4),(char*)crc,4)==0){
free(crc);
return 1;
}else{
//fprintf(stderr,"bad crc32!\n");
free(crc);
return 0;
}
}
strcmp will stop reading at the first 0x00 character ('\0') in the string,
whether it is intentional or not. Further characters are not compared.
If the string implementation is desirable, then this code should switch
to memcmp(3), and a specified length of '4'.
However, this entire string-based comparison could probably be replaced
if the crc32() were redesigned to use htonl(3) to manipulate the crc32
values as a single four-byte entity. These can be compared using ==
directly and without invoking malloc(3) and free(3). However, I have not
tested that htonl(3) is an accurate replacement, so please be sure to
test this thoroughly. (The existing code may actually be incorrect on
PowerPC, SPARC, MIPS, etc. I also haven't tested this guess.)
** Affects: vde2 (Ubuntu)
Importance: Undecided
Status: New
** Bug watch added: SourceForge.net Tracker #3603901
http://sourceforge.net/support/tracker.php?aid=3603901
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1119988
Title:
incorrect crc32 comparisons
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vde2/+bug/1119988/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
