Bug#702821: perl/hash_attack.t fails with 5.10.1 + CVE-2013-1667 fix

Niko Tyni ntyni at debian.org
Wed Mar 13 20:33:59 UTC 2013 

On Wed, Mar 13, 2013 at 10:24:36PM +0200, Niko Tyni wrote:
> On Wed, Mar 13, 2013 at 09:13:15AM -0000, Steve Hay wrote:
> > Dominic Hargreaves wrote on 2013-03-12:
> 
> > > When trying to fix this issue in Debian stable, I found that the patch at
> > > 
> > > http://svn.apache.org/viewvc?view=revision&revision=1455340
> > > 
> > > does not stop the test failing when applied to 2.0.4 (as currently
> > > found in Debian stable) and built against the current perl package in
> > > Debian stable (5.10 + the rehashing fix). 

> FWIW, I can reproduce the failure with the Debian perl 5.10.1 package and
> mod_perl2 2.0.7 with just the above test fix. So it doesn't seem to be
> a Debian change that breaks it. Maybe -Dusethreads or something like that.

(Trimming cc's, switching just to the BTS for now.)

With the squeeze package versions, I've narrowed the failure to

 t/TEST t/directive/perlrequire.t t/modules/apache_status.t t/perl/api.t t/perl/hash_attack.t

It looks like t/perl/api.t is generated on the first 'make test' run;
bisecting it might help in narrowing the case more.

Running t/TEST with -trace=debug gives this output in t/logs/error_log 
when the test fails:

[  debug] starting attack (it may take a long time!)
[  debug] mask: 511 (9)
[  debug]  1:    gg, 6b046200 29/64
[  debug]  2:    ne, 3c1dfc00 29/64
[  debug]  3:    qz, c17f0400 29/64
[  debug]  4:    sp, b886f000 29/64
[  debug]  5:   abp, b1672800 29/64
[  debug]  6:   bmt, 684fe600 29/64
[  debug]  7:   bqy, deb4e000 29/64
[  debug]  8:   bsg, 7be61400 29/64
[  debug]  9:   bvh, 4be1be00 29/64
[  debug] 10:   cfy, abe7f600 29/64
[  debug] 11:   elg, 06df9e00 29/64
[  debug] 12:   fra, 0001b600 29/64
[  debug] 13:   fvi, 95c6e600 29/64
[  debug] 14:   hkj, 97ab7000 29/64
[  debug] 15:   ifc, a458ee00 29/64
[  debug] 16:   ila, aab6e200 29/64
[  debug] pad keys from 56 to 64

and this one when it's OK (for example by excluding t/perlapi.t above):

[  debug] starting attack (it may take a long time!)
[  debug] mask: 511 (9)
[  debug]  1:    gg, 6b046200 28/64
[  debug]  2:    ne, 3c1dfc00 28/64
[  debug]  3:    qz, c17f0400 28/64
[  debug]  4:    sp, b886f000 28/64
[  debug]  5:   abp, b1672800 28/64
[  debug]  6:   bmt, 684fe600 28/64
[  debug]  7:   bqy, deb4e000 28/64
[  debug]  8:   bsg, 7be61400 28/64
[  debug]  9:   bvh, 4be1be00 28/64
[  debug] 10:   cfy, abe7f600 28/64
[  debug] 11:   elg, 06df9e00 28/64
[  debug] 12:   fra, 0001b600 28/64
[  debug] 13:   fvi, 95c6e600 28/64
[  debug] 14:   hkj, 97ab7000 28/64
[  debug] 15:   ifc, a458ee00 28/64
[  debug] 16:   ila, aab6e200 28/64
[  debug] pad keys from 55 to 64
[  debug] ending attack

Probably we just need a bit more tolerance somewhere in
t/response/TestPerl/hash_attack.pm but I'm out of hack
time tonight.
-- 
Niko Tyni   ntyni at debian.org

More information about the pkg-perl-maintainers mailing list