git.proxmox.com Git - mirror

author	Renat Nurgaliyev <impleman@gmail.com>
	Sun, 15 Nov 2020 14:52:38 +0000 (15:52 +0100)
committer	Ilya Maximets <i.maximets@ovn.org>
	Mon, 16 Nov 2020 16:47:11 +0000 (17:47 +0100)
commit	a1d2c5f5d9ed3c7116e76048c042c47dc85aa43c
tree	cd6bf7021395ddd25b8a8203c5d25daca2b22cbf	tree
parent	be4b7719dc0d730a8ed8e9c7b4c492c25a258b8a	commit \| diff

sha1: Fix algorithm for data bigger than 512 megabytes.

In modern systems, size_t is 64 bits. There is a 32 bit overflow check
in sha1_update(), which will not work correctly, because compiler will
do an automatic cast to 64 bits, since size_t type variable is in the
expression. We do want however to lose data, since this is the whole
idea of this overflow check.

Because of this, computation of SHA-1 checksum will always be incorrect
for any data, that is bigger than 512 megabytes, which in bits is the
boundary of 32 bits integer.

In practice it means that any OVSDB transaction, bigger or equal to 512
megabytes, is considered corrupt and ovsdb-server will refuse to work
with the database file. This is especially critical for OVN southbound
database, since it tends to grow rapidly.

Fixes: 5eccf359391f ("Replace SHA-1 library with one that is clearly licensed.")
Signed-off-by: Renat Nurgaliyev <impleman@gmail.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>

lib/sha1.c		diff \| blob \| blame \| history
lib/sha1.h		diff \| blob \| blame \| history