Participants
Heikki Linnakangas
Heikki Linnakangas
Robert Haas
Robert Haas
Michael Paquier
Michael Paquier
Attachments
Download Latest Patchset
+1-5
Show all attachments
Thread Outline
#1Heikki LinnakangasHeikki Linnakangas
Aug 06, 2024
#2Robert HaasRobert Haasto Heikki Linnakangas (#1)
Aug 06, 2024
#3Michael PaquierMichael Paquierto Robert Haas (#2)
Aug 06, 2024
#4Heikki LinnakangasHeikki Linnakangasto Michael Paquier (#3)
Aug 07, 2024

Thread-unsafe MD5 on big-endian systems with no OpenSSL

Started by Heikki Linnakangasover 1 year ago4 messageshackers
Jump to latest
#1Heikki Linnakangas
Heikki Linnakangas
heikki.linnakangas@enterprisedb.com

While browsing through all our global variables for the multithreading
effort, I noticed that our MD5 implementation in src/common/md5.c uses a
static buffer on big-endian systems, which makes it not thread-safe.
That's a bug because that function is also used in libpq.

This was introduced in commit b67b57a966, which replaced the old MD5
fallback implementation with the one from pgcrypto. The thread-safety
didn't matter for pgcrypto, but for libpq it does.

This only affects big-endian systems that are compiled without OpenSSL.

--
Heikki Linnakangas
Neon (https://neon.tech)

Attachments:

0001-Make-fallback-MD5-implementation-thread-safe-on-big-.patchtext/x-patch; charset=UTF-8; name=0001-Make-fallback-MD5-implementation-thread-safe-on-big-.patchDownload+1-5
#2Robert Haas
Robert Haas
robertmhaas@gmail.com
In reply to: Heikki Linnakangas (#1)
Re: Thread-unsafe MD5 on big-endian systems with no OpenSSL

On Tue, Aug 6, 2024 at 8:23 AM Heikki Linnakangas <hlinnaka@iki.fi> wrote:

While browsing through all our global variables for the multithreading
effort, I noticed that our MD5 implementation in src/common/md5.c uses a
static buffer on big-endian systems, which makes it not thread-safe.
That's a bug because that function is also used in libpq.

This was introduced in commit b67b57a966, which replaced the old MD5
fallback implementation with the one from pgcrypto. The thread-safety
didn't matter for pgcrypto, but for libpq it does.

This only affects big-endian systems that are compiled without OpenSSL.

LGTM.

--
Robert Haas
EDB: http://www.enterprisedb.com

#3Michael Paquier
Michael Paquier
michael@paquier.xyz
In reply to: Robert Haas (#2)
Re: Thread-unsafe MD5 on big-endian systems with no OpenSSL

On Aug 6, 2024, at 23:05, Robert Haas <robertmhaas@gmail.com> wrote:
On Tue, Aug 6, 2024 at 8:23 AM Heikki Linnakangas <hlinnaka@iki.fi> wrote:

This only affects big-endian systems that are compiled without OpenSSL.

LGTM.

Nice catch, looks fine to me as well.
--
Michael

#4Heikki Linnakangas
Heikki Linnakangas
heikki.linnakangas@enterprisedb.com
In reply to: Michael Paquier (#3)
Re: Thread-unsafe MD5 on big-endian systems with no OpenSSL

On 06/08/2024 18:11, Michael Paquier wrote:

On Aug 6, 2024, at 23:05, Robert Haas <robertmhaas@gmail.com> wrote:
On Tue, Aug 6, 2024 at 8:23 AM Heikki Linnakangas <hlinnaka@iki.fi> wrote:

This only affects big-endian systems that are compiled without OpenSSL.

LGTM.

Nice catch, looks fine to me as well.

Committed, thanks

--
Heikki Linnakangas
Neon (https://neon.tech)

← Back to Topics