Re: fsfs: Segfault when rep line lists the all-zeroes checksum

2016-08-30 Thread 'Daniel Shahaf'
Bert Huijben wrote on Tue, Aug 30, 2016 at 12:42:14 +0200:
> 
> 
> > -Original Message-
> > From: Daniel Shahaf [mailto:d...@daniel.shahaf.name]
> > Sent: Tuesday 30 August 2016 03:06
> > To: Stefan Fuhrmann 
> > Cc: dev@subversion.apache.org
> > Subject: Re: fsfs: Segfault when rep line lists the all-zeroes checksum
> > 
> > Stefan Fuhrmann wrote on Mon, Aug 29, 2016 at 22:10:07 +0200:
> > > On 29.08.2016 18:57, Daniel Shahaf wrote:
> > > >Line 801 sets CHECKSUM to NULL (as promised by
> > > >svn_checksum_parse_hex()'s docstring), line 803 dereferences it
> > > >unconditionally.
> > > I vaguely remember that we use(d) all-0 checksums
> > > as a 'no checksum' indicator. There may have been
> > > some mix-up when rep structure got flattened.
> > 
> > The all-zeroes checksum compares equal to any other checksum.
> 
> I would guess that the all 0 checksum is *also* the checksum of some
> very unlikely data, so users might be able to trigger this under some
> very unusual circumstances.

md5 has no known preimage attacks, so the probability that somebody
would accidentally commit a preimage of any particular checksum is for
all practical purposes zero.


ApacheCon Seville CFP closes September 9th

2016-08-30 Thread Rich Bowen
It's traditional. We wait for the last minute to get our talk proposals
in for conferences.

Well, the last minute has arrived. The CFP for ApacheCon Seville closes
on September 9th, which is less than 2 weeks away. It's time to get your
talks in, so that we can make this the best ApacheCon yet.

It's also time to discuss with your developer and user community whether
there's a track of talks that you might want to propose, so that you
have more complete coverage of your project than a talk or two.

For Apache Big Data, the relevant URLs are:
Event details:
http://events.linuxfoundation.org/events/apache-big-data-europe
CFP:
http://events.linuxfoundation.org/events/apache-big-data-europe/program/cfp

For ApacheCon Europe, the relevant URLs are:
Event details: http://events.linuxfoundation.org/events/apachecon-europe
CFP: http://events.linuxfoundation.org/events/apachecon-europe/program/cfp

This year, we'll be reviewing papers "blind" - that is, looking at the
abstracts without knowing who the speaker is. This has been shown to
eliminate the "me and my buddies" nature of many tech conferences,
producing more diversity, and more new speakers. So make sure your
abstracts clearly explain what you'll be talking about.

For further updates about ApacheCon, follow us on Twitter, @ApacheCon,
or drop by our IRC channel, #apachecon on the Freenode IRC network.

-- 
Rich Bowen
WWW: http://apachecon.com/
Twitter: @ApacheCon


RE: fsfs: Segfault when rep line lists the all-zeroes checksum

2016-08-30 Thread Bert Huijben


> -Original Message-
> From: Daniel Shahaf [mailto:d...@daniel.shahaf.name]
> Sent: Tuesday 30 August 2016 03:06
> To: Stefan Fuhrmann 
> Cc: dev@subversion.apache.org
> Subject: Re: fsfs: Segfault when rep line lists the all-zeroes checksum
> 
> Stefan Fuhrmann wrote on Mon, Aug 29, 2016 at 22:10:07 +0200:
> > On 29.08.2016 18:57, Daniel Shahaf wrote:
> > >Line 801 sets CHECKSUM to NULL (as promised by
> > >svn_checksum_parse_hex()'s docstring), line 803 dereferences it
> > >unconditionally.
> > I vaguely remember that we use(d) all-0 checksums
> > as a 'no checksum' indicator. There may have been
> > some mix-up when rep structure got flattened.
> 
> The all-zeroes checksum compares equal to any other checksum.

I would guess that the all 0 checksum is *also* the checksum of some very 
unlikely data, so users might be able to trigger this under some very unusual 
circumstances.

Bert
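
The NULL-result case discussed in this thread, as an added example that is not part of any message above and is not Subversion's code. `parse_hex_digest`, `read_rep_checksum` and `has_md5` are hypothetical names, assumed to follow the contract the thread attributes to the docstring: an all-zeroes hex string is a successful parse that yields a NULL checksum, so the caller has to test for NULL before using it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

#define MD5_LEN 16

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Hypothetical parser: returns 0 on success, -1 on malformed input.
   On success *out is a heap-allocated digest, or NULL when the hex
   string is the all-zeroes checksum ("no checksum"). */
int parse_hex_digest(unsigned char **out, const char *hex) {
    unsigned char buf[MD5_LEN], any = 0;
    *out = NULL;
    if (hex == NULL || strlen(hex) != 2 * MD5_LEN) return -1;
    for (size_t i = 0; i < MD5_LEN; i++) {
        int hi = hexval((unsigned char)hex[2 * i]);
        int lo = hexval((unsigned char)hex[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        buf[i] = (unsigned char)(hi << 4 | lo);
        any |= buf[i];
    }
    if (!any) return 0;              /* success, but *out stays NULL */
    *out = malloc(MD5_LEN);
    if (*out == NULL) return -1;
    memcpy(*out, buf, MD5_LEN);
    return 0;
}

/* Guarded caller. An unguarded caller would dereference digest right
   after the parse call, which crashes on the all-zeroes input. */
int read_rep_checksum(unsigned char rep_md5[MD5_LEN], int *has_md5, const char *hex) {
    unsigned char *digest;
    if (parse_hex_digest(&digest, hex) != 0) return -1;
    *has_md5 = (digest != NULL);
    if (digest != NULL) memcpy(rep_md5, digest, MD5_LEN);
    else memset(rep_md5, 0, MD5_LEN);   /* record "no checksum" */
    free(digest);                       /* free(NULL) is a no-op */
    return 0;
}

int main(void) {
    unsigned char md5[MD5_LEN]; int has;
    int rc = read_rep_checksum(md5, &has, "00000000000000000000000000000000");
    printf("rc=%d has_md5=%d\n", rc, has); return 0;
}
```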