[ruby-core:61736] [ruby-trunk - Bug #9659] crash in FIPS mode after unchecked algo->init_func failure
Issue #9659 has been updated by Jared Jennings.
If any credit is given for finding this problem, it belongs to Joseph Yaworski; see https://tickets.puppetlabs.com/browse/PUP-1840.
----------------------------------------
Bug #9659: crash in FIPS mode after unchecked algo->init_func failure
https://bugs.ruby-lang.org/issues/9659#change-45976
* Author: Jared Jennings
* Status: Open
* Priority: Normal
* Assignee:
* Category: ext
* Target version: current: 2.2.0
* ruby -v: ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN
----------------------------------------
This is just like #4944, but in the `digest` extension instead of the `openssl` extension.
On my host, which is configured for FIPS 140-2 compliance (this is a U.S. Government security standard), OpenSSL refuses to perform an MD5 checksum. It indicates this refusal when the digest algorithm initialization function is called: this function returns a 0 indicating failure instead of a 1 indicating success. But it's just a bunch of arithmetic; how can it fail? So the return code is ignored. But if the initialization fails, and we go on trying to use the algorithm, the Ruby interpreter crashes:
~~~
$ OPENSSL_FORCE_FIPS_MODE= ruby -rdigest -e "puts Digest::MD5.hexdigest('hi')"
md5_dgst.c(78): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!
Aborted (core dumped)
~~~
The digest extension, in the `rb_digest_base_alloc`, `rb_digest_base_reset`, and `rb_digest_base_finish` functions, is ignoring the return code of `algo->init_func`. If OpenSSL is present at build time, `algo->init_func` works out to be the `MD5_Init` function from OpenSSL. This function, according to its man page, returns a 1 for success or 0 for failure.
I see the problem under Ruby 1.8.7 as patched by Red Hat; I can't easily build the trunk on my system, but it looks like in r43668 the return value still isn't being checked in these three places:
* source:ext/digest/digest.c@43668#L551
* source:ext/digest/digest.c@43668#L589
* source:ext/digest/digest.c@43668#L627
---Files--------------------------------
002-builtin-indicate-digest-failure.patch (10.4 KB)
001-detect-digest-failure.patch (2.12 KB)
003-digest-openssl-md5-use-evp-api.patch (1.8 KB)
--
https://bugs.ruby-lang.org/
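
The failure mode in this report, as an added example that is not part of the original message or of Ruby's source: a small C model of an algorithm table whose `init_func` returns 1 on success and 0 on failure, with the unchecked call beside a checked one. All names (`toy_ctx`, `algo_t`, `policy_forbids`, `misuse_count`, `digest_unchecked`, `digest_checked`) are hypothetical; `policy_forbids` stands in for FIPS mode and `misuse_count` for the point where the real library aborts.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of a digest algorithm table (not ext/digest's real layout).
 * init_func uses the convention the report cites: 1 = success, 0 = failure. */
typedef struct { int ready; unsigned long sum; } toy_ctx;
typedef struct {
    int  (*init_func)(toy_ctx *c);
    void (*update_func)(toy_ctx *c, const char *s, size_t n);
} algo_t;

static int policy_forbids = 0;  /* constructed stand-in for FIPS mode */
static int misuse_count = 0;    /* counts uses of a context that never initialized */

static int toy_init(toy_ctx *c) {
    if (policy_forbids) return 0;       /* refuse and leave the context untouched */
    c->ready = 1; c->sum = 0;
    return 1;
}
static void toy_update(toy_ctx *c, const char *s, size_t n) {
    if (!c->ready) { misuse_count++; return; }  /* where the real library aborts */
    while (n--) c->sum += (unsigned char)*s++;
}
static const algo_t toy_algo = { toy_init, toy_update };

/* Before: init_func's return value is dropped and the context is used anyway. */
int digest_unchecked(const algo_t *a, const char *s, size_t n, unsigned long *out) {
    toy_ctx c = {0, 0};
    a->init_func(&c);
    a->update_func(&c, s, n);
    *out = c.sum;
    return 0;
}

/* After: a failed init is returned to the caller; the context is never used. */
int digest_checked(const algo_t *a, const char *s, size_t n, unsigned long *out) {
    toy_ctx c = {0, 0};
    if (a->init_func(&c) != 1) return -1;
    a->update_func(&c, s, n);
    *out = c.sum;
    return 0;
}

int main(void) {
    unsigned long sum = 0;
    policy_forbids = 1;
    int checked = digest_checked(&toy_algo, "hi", 2, &sum);
    int unchecked = digest_unchecked(&toy_algo, "hi", 2, &sum);
    printf("checked=%d unchecked=%d misuse=%d\n", checked, unchecked, misuse_count);
    return 0;
}
```

In a Ruby extension the error return from the checked path would be turned into a raised exception, so the script sees a rescuable error instead of an interpreter abort.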