Bug #83122 for Filter-Crypto: "bad decrypt" on high-endian platfrom

Mon Feb 04 11:16:18 2013 joerg.weber [...] meta-level.de - Ticket created

Subject:	"bad decrypt" on high-endian platfrom
Date:	Mon, 4 Feb 2013 17:15:59 +0100 (CET)
To:	bug-Filter-Crypto [...] rt.cpan.org
From:	"Weber, Jörg" <joerg.weber [...] meta-level.de>

Hi maintainers, I think I've stumbled across a bug in CryptoCommon-c.inc, where in a loop 2 bytes at a time from a string named "in_text" are converted to a byte value via sscanf. The call to sscanf with format "%02x" produces a 4-byte value with its upper 3 bytes all 0. Unfortunately, on a high endian machine like our AIX servers, storing this value in another string will put the highest byte (0) instead of the lowest in the intended destination. For me this patch worked: --- CryptoCommon-c.inc.orig 2013-02-04 16:20:12.000000000 +0100 +++ CryptoCommon-c.inc 2013-02-04 16:13:12.000000000 +0100 @@ -1025,6 +1025,9 @@ FilterCrypto_SvSetCUR(out_sv, out_len); } + /* convert a hex digit with lower case letters to a byte */ + #define HN2B(hn) (((hn) >= 'a') ? ((hn)-'a'+10) : ((hn)-'0')) + /* * Function to decode the text from one SV into another SV. Inverse function * of FilterCrypto_EncodeSV(). @@ -1064,7 +1067,7 @@ } for (i = 0; i < in_len; i += 2) { - sscanf(in_text + i, "%02x", &out_text[i / 2]); + out_text[i/2] = (HN2B(in_text[i]) << 4) | HN2B(in_text[i+1]); out_len++; } Kind regards and thanks for your fine development job, Jörg Weber -------------------------------- META-LEVEL Software AG Saarbrücker Str. 51 66130 Saarbrücken Germany Tel: +49 - 681 / 99687-0 Fax: +49 - 681 / 99687-99 Mail: info@meta-level.de <mailto:info@meta-level.de> Web: www.meta-level.de <http://www.meta-level.de>

Thu Feb 07 04:11:48 2013 shay [...] cpan.org - Correspondence added

Many thanks for the report and the patch. I've incorporated your patch into the attached beta version of 2.01, together a similar change in DecodeSV() which isn't strictly necessary but the macro is probably quicker than sprintf() calls would be. Please could you test this and report back to confirm if it works for you before I upload it to CPAN? Thanks.

Subject:

Filter-Crypto-2.01.BETA.tar.gz

Download Filter-Crypto-2.01.BETA.tar.gz
application/x-gzip 165.5k

Message body not shown because it is not plain text.

Thu Feb 07 04:11:49 2013 The RT System itself - Status changed from 'new' to 'open'

Thu Feb 07 05:18:30 2013 joerg.weber [...] meta-level.de - Correspondence added

Subject:	Re: [rt.cpan.org #83122] "bad decrypt" on high-endian platfrom
Date:	Thu, 7 Feb 2013 11:05:14 +0100 (CET)
To:	bug-Filter-Crypto [...] rt.cpan.org
From:	"Weber, Jörg" <joerg.weber [...] meta-level.de>

The beta builds and works like a charm. Thanks a lot for your rapid reaction. Kind regards, Jörg Weber PS: Just for statistics, here's the "perl -V" output of our test system: Summary of my perl5 (revision 5 version 14 subversion 3) configuration: Platform: osname=aix, osvers=6.1.0.0, archname=aix-thread-multi uname='aix exaix03 1 6 00ce55af4c00 ' config_args='-der -Dcc=/usr/vac/bin/cc_r -Duseshrplib -Dusethreads -DDEBUGGING=none -Dprefix=/opt/buildperl/perl5' hint=recommended, useposix=true, d_sigaction=define useithreads=define, usemultiplicity=define useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef use64bitint=undef, use64bitall=undef, uselongdouble=undef usemymalloc=n, bincompat5005=undef Compiler: cc='/usr/vac/bin/cc_r -q32', ccflags ='-D_ALL_SOURCE -D_ANSI_C_SOURCE -D_POSIX_SOURCE -qmaxmem=-1 -qnoansialias -DUSE_NATIVE_DLOPEN -DNEED_PTHREAD_INIT -q32 -D_LARGE_FILES -qlonglong', optimize='-O', cppflags='-D_ALL_SOURCE -D_ANSI_C_SOURCE -D_POSIX_SOURCE -qmaxmem=-1 -qnoansialias -DUSE_NATIVE_DLOPEN -DNEED_PTHREAD_INIT' ccversion='11.1.0.1', gccversion='', gccosandvers='' intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=4321 d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=8 ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8 alignbytes=8, prototype=define Linker and Libraries: ld='ld', ldflags =' -brtl -bdynamic -b32 -bmaxdata:0x80000000' libpth=/lib /usr/lib /usr/ccs/lib libs=-lbind -lnsl -lgdbm -ldbm -ldb -ldl -lld -lm -lcrypt -lpthreads -lc perllibs=-lbind -lnsl -ldl -lld -lm -lcrypt -lpthreads -lc libc=, so=a, useshrplib=true, libperl=libperl.a gnulibc_version='' Dynamic Linking: dlsrc=dl_aix.xs, dlext=so, d_dlsymun=undef, ccdlflags=' -bE:/opt/buildperl/perl5/lib/5.14.3/aix-thread-multi/CORE/perl.exp' cccdlflags=' ', lddlflags='-bhalt:4 -G -bI:$(PERL_INC)/perl.exp -bE:$(BASEEXT).exp -bnoentry -lpthreads -lc -lm' Characteristics of this binary (from libperl): Compile-time options: MULTIPLICITY PERL_DONT_CREATE_GVSV PERL_IMPLICIT_CONTEXT PERL_MALLOC_WRAP PERL_PRESERVE_IVUV USE_ITHREADS USE_LARGE_FILES USE_PERLIO USE_PERL_ATOF USE_REENTRANT_API Built under aix Compiled at Jan 31 2013 15:21:39 @INC: /opt/buildperl/perl5/lib/site_perl/5.14.3/aix-thread-multi /opt/buildperl/perl5/lib/site_perl/5.14.3 /opt/buildperl/perl5/lib/5.14.3/aix-thread-multi /opt/buildperl/perl5/lib/5.14.3 . Steve Hay via RT <bug-Filter-Crypto@rt.cpan.org <mailto:bug-Filter-Crypto@rt.cpan.org> > hat am 7. Februar 2013 um 10:11 geschrieben: Show quoted text

> <URL: https://rt.cpan.org/Ticket/Display.html?id=83122 > <https://rt.cpan.org/Ticket/Display.html?id=83122> > > > Many thanks for the report and the patch. I've incorporated your patch > into the attached beta version of 2.01, together a similar change in > DecodeSV() which isn't strictly necessary but the macro is probably > quicker than sprintf() calls would be. > > Please could you test this and report back to confirm if it works for > you before I upload it to CPAN? Thanks.

Thu Feb 07 08:13:08 2013 shay [...] cpan.org - Correspondence added

Thanks again for your help. Version 2.01 is now uploaded to CPAN :-)

Thu Feb 07 08:13:10 2013 shay [...] cpan.org - Status changed from 'open' to 'resolved'