Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: lib...@packages.debian.org
Control: affects -1 + src:libbsd
Hi!
[ Reason ]
The libbsd library used to provide MD5 implementations, but those got
split into their own libmd library, and the code removed and switched
to be wrappers to use the libmd implementations to preserve the ABI.
The wrapping for one of those functions was not implemented properly
and that caused the symbol to call itself instead of redirecting to
the libmd symbol, which results in an infinite loop. This got later
inadvertently fixed when the wrapping method was changed, so it never
got noticed as a stable candidate, until now. (So this does not affect
neither earlier versions, nor later ones in other Debian releases.)
[ Impact ]
Any program that might have been linked against old libbsd versions
and uses this symbol from libbsd (instead of using the libmd ones
directly) can end up in this infinite loop, spinning CPU.
[ Tests ]
This is currently not part of the test suite, as these functions are
wrappers over the ones in libmd, and deprecated in favor of direct use
of the symbols in libmd. And while the fix seems obviously correct,
I've done the following to make sure, just in case:
,---
$ cat test.c
#include <stdio.h>
#include <bsd/md5.h>
int main() {
char digest[MD5_DIGEST_STRING_LENGTH + 1];
MD5File("test.c", digest);
printf("md5sum %s\n", digest);
return 0;
}
$ gcc test.c -lbsd -o test
$ timeout 2 ./test
$ echo $?
124
$ sudo dpkg -i libbsd0_0.11.3-1+deb11u1_amd64.deb
$ timeout 2 ./test
md5sum e75d8ce892d0ed5fb1aa2d39242f156c
$ md5sum test.c
e75d8ce892d0ed5fb1aa2d39242f156c test.c
`---
[ Risks ]
Seems like low risk to me
[ Checklist ]
[√] *all* changes are documented in the d/changelog
[√] I reviewed all changes and I approve them
[√] attach debdiff against the package in (old)stable
[√] the issue is verified as fixed in unstable
[ Changes ]
Adds a patch making the MD5File() function call the libmd MD5File()
one instead of calling itself.
Attached the debdiff for the update I've prepared.
Thanks,
Guillem
diff -Nru libbsd-0.11.3/debian/changelog libbsd-0.11.3/debian/changelog
--- libbsd-0.11.3/debian/changelog 2021-02-09 06:36:23.000000000 +0100
+++ libbsd-0.11.3/debian/changelog 2023-05-07 19:13:23.000000000 +0200
@@ -1,3 +1,11 @@
+libbsd (0.11.3-1+deb11u1) bullseye; urgency=medium
+
+ * Fix infinite loop when using MD5File() symbol due to missing symbol
+ redirection. Thanks to Guillaume Morin <guilla...@morinfr.org>.
+ Closes: #1033671
+
+ -- Guillem Jover <guil...@debian.org> Sun, 07 May 2023 19:13:23 +0200
+
libbsd (0.11.3-1) unstable; urgency=medium
* New upstream release.
diff -Nru
libbsd-0.11.3/debian/patches/Fix-infinite-loop-on-MD5File-symbol-use.patch
libbsd-0.11.3/debian/patches/Fix-infinite-loop-on-MD5File-symbol-use.patch
--- libbsd-0.11.3/debian/patches/Fix-infinite-loop-on-MD5File-symbol-use.patch
1970-01-01 01:00:00.000000000 +0100
+++ libbsd-0.11.3/debian/patches/Fix-infinite-loop-on-MD5File-symbol-use.patch
2023-05-07 19:13:23.000000000 +0200
@@ -0,0 +1,22 @@
+Author: Guillem Jover <guil...@hadrons.org>
+Description: The MD5File() symbol is calling itself causing an infinite loop.
+ This was caused by an omission when switching to use the symbol redirects,
+ which was not applied for this symbol, but was subsequently fixed w/o notice
+ when the redirection method was changed, so this was not spotted as a stable
+ candidate fix.
+Origin: upstream, commit:e7cf8c5785b14fc8fbd37bb665a5f9a4f28c7888
+Bug-Debian: https://bugs.debian.org/1033671
+Forwarded: not-needed
+Last-Update: 2023-05-07
+
+--- a/src/md5.c
++++ b/src/md5.c
+@@ -105,7 +105,7 @@
+ MD5File(const char *filename, char *buf)
+ {
+ libmd_wrapper(MD5File);
+- return MD5File(filename, buf);
++ return libmd_MD5File(filename, buf);
+ }
+
+ char *
diff -Nru libbsd-0.11.3/debian/patches/series
libbsd-0.11.3/debian/patches/series
--- libbsd-0.11.3/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ libbsd-0.11.3/debian/patches/series 2023-05-07 19:13:23.000000000 +0200
@@ -0,0 +1 @@
+Fix-infinite-loop-on-MD5File-symbol-use.patch
