Bert Huijben wrote on Tue, Aug 30, 2016 at 12:42:14 +0200:
>
>
> > -----Original Message-----
> > From: Daniel Shahaf [mailto:d.s_at_daniel.shahaf.name]
> > Sent: dinsdag 30 augustus 2016 03:06
> > To: Stefan Fuhrmann <stefanfuhrmann_at_alice-dsl.de>
> > Cc: dev_at_subversion.apache.org
> > Subject: Re: fsfs: Segfault when rep line lists the all-zeroes checksum
> >
> > Stefan Fuhrmann wrote on Mon, Aug 29, 2016 at 22:10:07 +0200:
> > > On 29.08.2016 18:57, Daniel Shahaf wrote:
> > > >Line 801 sets CHECKSUM to NULL (as promised by
> > svn_checksum_parse_hex()'s
> > > >docstring), line 803 dereferences it unconditionally.
> > > I vaguely remember that we use(d) all-0 checksums
> > > as a 'no checksum' indicator. There may have been
> > > some mix-up when rep structure got flattened.
> >
> > The all-zeroes checksum compares equal to any other checksum.
>
> I would guess that the all 0 checksum is *also* the checksum of some
> very unlikely data, so users might be able to trigger this under some
> very unusual circumstances.
md5 has no known preimage attacks, so the probability that somebody
would accidentally commit a preimage of any particular checksum is for
all practical purposes zero.
Received on 2016-08-30 17:42:47 CEST