Re: fsfs: Segfault when rep line lists the all-zeroes checksum
Bert Huijben wrote on Tue, Aug 30, 2016 at 12:42:14 +0200: > > > > -Original Message- > > From: Daniel Shahaf [mailto:d...@daniel.shahaf.name] > > Sent: dinsdag 30 augustus 2016 03:06 > > To: Stefan Fuhrmann> > Cc: dev@subversion.apache.org > > Subject: Re: fsfs: Segfault when rep line lists the all-zeroes checksum > > > > Stefan Fuhrmann wrote on Mon, Aug 29, 2016 at 22:10:07 +0200: > > > On 29.08.2016 18:57, Daniel Shahaf wrote: > > > >Line 801 sets CHECKSUM to NULL (as promised by > > svn_checksum_parse_hex()'s > > > >docstring), line 803 dereferences it unconditionally. > > > I vaguely remember that we use(d) all-0 checksums > > > as a 'no checksum' indicator. There may have been > > > some mix-up when rep structure got flattened. > > > > The all-zeroes checksum compares equal to any other checksum. > > I would guess that the all 0 checksum is *also* the checksum of some > very unlikely data, so users might be able to trigger this under some > very unusual circumstances. md5 has no known preimage attacks, so the probability that somebody would accidentally commit a preimage of any particular checksum is for all practical purposes zero.
ApacheCon Seville CFP closes September 9th
It's traditional. We wait for the last minute to get our talk proposals in for conferences. Well, the last minute has arrived. The CFP for ApacheCon Seville closes on September 9th, which is less than 2 weeks away. It's time to get your talks in, so that we can make this the best ApacheCon yet. It's also time to discuss with your developer and user community whether there's a track of talks that you might want to propose, so that you have more complete coverage of your project than a talk or two. For Apache Big Data, the relevant URLs are: Event details: http://events.linuxfoundation.org/events/apache-big-data-europe CFP: http://events.linuxfoundation.org/events/apache-big-data-europe/program/cfp For ApacheCon Europe, the relevant URLs are: Event details: http://events.linuxfoundation.org/events/apachecon-europe CFP: http://events.linuxfoundation.org/events/apachecon-europe/program/cfp This year, we'll be reviewing papers "blind" - that is, looking at the abstracts without knowing who the speaker is. This has been shown to eliminate the "me and my buddies" nature of many tech conferences, producing more diversity, and more new speakers. So make sure your abstracts clearly explain what you'll be talking about. For further updated about ApacheCon, follow us on Twitter, @ApacheCon, or drop by our IRC channel, #apachecon on the Freenode IRC network. -- Rich Bowen WWW: http://apachecon.com/ Twitter: @ApacheCon
RE: fsfs: Segfault when rep line lists the all-zeroes checksum
> -Original Message- > From: Daniel Shahaf [mailto:d...@daniel.shahaf.name] > Sent: dinsdag 30 augustus 2016 03:06 > To: Stefan Fuhrmann> Cc: dev@subversion.apache.org > Subject: Re: fsfs: Segfault when rep line lists the all-zeroes checksum > > Stefan Fuhrmann wrote on Mon, Aug 29, 2016 at 22:10:07 +0200: > > On 29.08.2016 18:57, Daniel Shahaf wrote: > > >Line 801 sets CHECKSUM to NULL (as promised by > svn_checksum_parse_hex()'s > > >docstring), line 803 dereferences it unconditionally. > > I vaguely remember that we use(d) all-0 checksums > > as a 'no checksum' indicator. There may have been > > some mix-up when rep structure got flattened. > > The all-zeroes checksum compares equal to any other checksum. I would guess that the all 0 checksum is *also* the checksum of some very unlikely data, so users might be able to trigger this under some very unusual circumstances. Bert