Date: Sun, 9 Sep 2012 07:20:08 GMT From: Mark Johnston <markjdb@gmail.com> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/171402: fetch(1): Authentication error or Segmentation fault on HTTPS:// URLs Message-ID: <201209090720.q897K87p063079@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/171402; it has been noted by GNATS. From: Mark Johnston <markjdb@gmail.com> To: bug-followup@FreeBSD.org, ohartman@zedat.fu-berlin.de Cc: Subject: Re: bin/171402: fetch(1): Authentication error or Segmentation fault on HTTPS:// URLs Date: Sun, 9 Sep 2012 03:15:48 -0400 --VrqPEDrXMn8OVzN4 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline I managed to figure out what the problem is, took a while though. =) libfetch uses both libmd (for HTTP digest authentication) and libcrypto (through libssl for HTTPS). The problem is that some libcrypto's hash functions (e.g. SHA256) use the same prototypes as in libmd. For some reason, fetch(1) links with libmd, so libmd's functions end up getting used by libcrypto instead of libcrypto's hash functions. In princple I think this should be fine, but the problem is that libmd's prototypes are slightly different. Specifically, the _Init, _Update and _Final functions for the alorithms don't return anything, whereas libcrypto's implementations return an int. libcrypto actually checks the return values from these functions, so libcrypto/libssl will behave differently depending on what the libmd functions leave behind in %rax as a return value. Compiling libmd with clang just result in a different outcome (segfault instead of auth error); the problem is there regardless of which compiler is used. This can be 'fixed' by simply removing the libmd dependency from fetch(1). It doesn't need it, and the libmd symbols used by libfetch aren't in libcrypto. This way, libcrypto will come first in the library path and the expected hash function implementations will be used. It's a bit sketych, and I'll try to audit the rest of the base for similar issues, but this particular problem should be fixed quickly, as it means that libfetch+https is quite broken. Thanks, -Mark --VrqPEDrXMn8OVzN4 Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="fetch_libmd.patch" diff --git a/usr.bin/fetch/Makefile b/usr.bin/fetch/Makefile index 6f0db80..5686fc6 100644 --- a/usr.bin/fetch/Makefile +++ b/usr.bin/fetch/Makefile @@ -4,8 +4,8 @@ PROG= fetch CSTD?= c99 -DPADD= ${LIBFETCH} ${LIBMD} -LDADD= -lfetch -lmd +DPADD= ${LIBFETCH} +LDADD= -lfetch .if ${MK_OPENSSL} != "no" DPADD+= ${LIBSSL} ${LIBCRYPTO} LDADD+= -lssl -lcrypto --VrqPEDrXMn8OVzN4--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201209090720.q897K87p063079>