[ovs-dev] [PATCH] Fix SHA-1 algorithm for data bigger than 512 megabytes.

Renat Nurgaliyev impleman at gmail.com
Thu Nov 12 15:51:23 UTC 2020


A missing cast to 32 bits in the overflow check makes this conditional
never true. Because of this, computation of the SHA-1 checksum will be
wrong for any data that is bigger than 512 megabytes, which in bits is
the boundary of a 32-bit integer.

In practice it means that any big OVN southbound database, with
transactions bigger than 512 megabytes, is considered corrupt and
ovsdb-server will refuse to work with the database.

Signed-off-by: Renat Nurgaliyev <impleman at gmail.com>
---
 lib/sha1.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/sha1.c b/lib/sha1.c
index 4f48ef210..4889c976b 100644
--- a/lib/sha1.c
+++ b/lib/sha1.c
@@ -202,7 +202,7 @@ sha1_update(struct sha1_ctx *ctx, const void *buffer_, size_t count)
     const uint8_t *buffer = buffer_;
     unsigned int i;
 
-    if ((ctx->count_lo + (count << 3)) < ctx->count_lo) {
+    if ((uint32_t)(ctx->count_lo + (count << 3)) < ctx->count_lo) {
         ctx->count_hi++;
     }
     ctx->count_lo += count << 3;
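Review bot: The carry test on the `+` line now relies on a cast wrapped around a sum that is still computed in the width of `size_t`, and the same `count << 3` is evaluated again two lines later with an implicit truncation into `ctx->count_lo`. Computing the truncated sum once into a `uint32_t` local, comparing that local against `ctx->count_lo`, and then assigning it would make the 32-bit wraparound explicit and keep the check and the update from drifting apart. The visible context also does not show where the bits of `count << 3` above bit 31 go when a single call passes 512 megabytes or more, so that path is worth confirming, and a unit test that feeds more than 2^32 bits through `sha1_update()` would guard this against regressing.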
-- 
2.29.2
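
The length bookkeeping from the hunk, isolated as an added example (not code from the patch or from Open vSwitch) to show why the pre-patch check never fires. Assumptions: `struct len_ctx`, `add_len_before`, `add_len_after` and `total_bits` are hypothetical names, `count` is a `uint64_t` standing in for a 64-bit `size_t`, and each chunk stays below 2^29 bytes so only the lines visible in the hunk are modelled.

```c
#include <stdint.h>
#include <stdio.h>

/* Only the length fields of the context; field names follow the hunk. */
struct len_ctx {
    uint32_t count_lo;  /* low 32 bits of the message length, in bits */
    uint32_t count_hi;  /* high 32 bits of the message length, in bits */
};

/* Pre-patch check: the sum is evaluated in 64 bits, so it can never be
 * smaller than count_lo and the carry into count_hi is never taken. */
static void add_len_before(struct len_ctx *ctx, uint64_t count)
{
    if ((ctx->count_lo + (count << 3)) < ctx->count_lo) {
        ctx->count_hi++;
    }
    ctx->count_lo += count << 3;
}

/* Patched check: truncating the sum to 32 bits exposes the wraparound. */
static void add_len_after(struct len_ctx *ctx, uint64_t count)
{
    if ((uint32_t)(ctx->count_lo + (count << 3)) < ctx->count_lo) {
        ctx->count_hi++;
    }
    ctx->count_lo += count << 3;
}

/* Feed n chunks of `chunk` bytes and return the recorded length in bits,
 * which is the value SHA-1 appends to the final padded block. */
static uint64_t total_bits(void (*add)(struct len_ctx *, uint64_t),
                           unsigned int n, uint64_t chunk)
{
    struct len_ctx ctx = { 0, 0 };
    for (unsigned int i = 0; i < n; i++) {
        add(&ctx, chunk);
    }
    return ((uint64_t) ctx.count_hi << 32) | ctx.count_lo;
}

int main(void)
{
    const uint64_t mib = 1u << 20;  /* constructed input: 600 x 1 MiB */
    printf("before: %llu bits\n",
           (unsigned long long) total_bits(add_len_before, 600, mib));
    printf("after:  %llu bits\n",
           (unsigned long long) total_bits(add_len_after, 600, mib));
    return 0;
}
```

Because the recorded bit length is hashed as part of the final block, the lost carry changes the digest even though every data block was processed correctly.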


