[jira] [Commented] (SOLR-13238) BlobHandler generates non-padded md5

Wed, 17 Apr 2019 15:11:51 -0700 


    [ 
https://issues.apache.org/jira/browse/SOLR-13238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16820539#comment-16820539
 ] 

Jeff Walraven commented on SOLR-13238:
--------------------------------------

[~janhoy] The consequence of this bug is that it causes an incorrect md5 to be 
generated. I came across this while writing a tool that uploads a plugin jar to 
solr. It checks the md5 for validity and to check if the file is different 
before uploading a new jar. When using a standard md5 check (that properly pads 
the hash), the validation will fail. The difficulty with this bug is that it 
only shows up in some cases, so it was not apparent until a file happened to 
have the incorrect hash value.

Currently, the workaround is to use the same md5 hash function on both sides of 
the validation.

> BlobHandler generates non-padded md5
> ------------------------------------
>
>                 Key: SOLR-13238
>                 URL: https://issues.apache.org/jira/browse/SOLR-13238
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: blobstore
>    Affects Versions: 6.0, 6.6.5, 7.0, 7.6
>            Reporter: Jeff Walraven
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Introduced in SOLR-6787
> The blob handler currently uses the following logic for generating/storing 
> the md5 for uploads:
> {code:java}
> MessageDigest m = MessageDigest.getInstance("MD5");
> m.update(payload.array(), payload.position(), payload.limit());
> String md5 = new BigInteger(1, m.digest()).toString(16);
> {code}
> Unfortunately, this method does not provide padding for any md5 with less 
> than 0x10 for its most significant byte. This means that on many occasions it 
> could end up with a md5 hash of 31 characters instead of 32. 
> I have opened a PR with the following recommended change:
> {code:java}
> String md5 = new String(Hex.encodeHex(m.digest()));
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to