Bug#749652: freeradius-client: Conflicting declarations of function rc_md5_calc to cause undefined behaviour

Michael Tautschnig mt at debian.org
Wed May 28 22:26:47 UTC 2014


Package: freeradius-client
Version: 1.1.6-7
Usertags: goto-cc

During a rebuild of all Debian packages in a clean sid chroot (using cowbuilder
and pbuilder) the build failed with the following error. Please note that we
use our research compiler tool-chain (using tools from the cbmc package), which
permits extended reporting on type inconsistencies at link time.

[...]
libtool: link: gcc -shared  -fPIC -DPIC  .libs/buildreq.o .libs/clientid.o .libs/env.o .libs/sendserver.o .libs/avpair.o .libs/config.o .libs/dict.o .libs/ip_util.o .libs/log.o .libs/md5.o .libs/util.o .libs/lock.o   -lcrypt -lnsl  -O2 -Wl,-z -Wl,relro -Wl,-z -Wl,now   -Wl,-soname -Wl,libfreeradius-client.so.2 -o .libs/libfreeradius-client.so.2.0.0

error: conflicting function declarations "rc_md5_calc"
old definition in module sendserver file ../include/freeradius-client.h line 510
void (unsigned char *, unsigned char *, unsigned int)
new definition in module md5 file md5.c line 18
void (unsigned char *output, unsigned char *input, unsigned long int inlen)
Makefile:411: recipe for target 'libfreeradius-client.la' failed
make[3]: *** [libfreeradius-client.la] Error 64
make[3]: Leaving directory '/srv/jenkins-slave/workspace/sid-goto-cc-freeradius-client/freeradius-client-1.1.6/lib'
Makefile:408: recipe for target 'all-recursive' failed
make[2]: *** [all-recursive] Error 1

For any platform with sizeof(unsigned long)>sizeof(unsigned int) any invocation
of rc_md5_calc has undefined behaviour as several bytes of the inlen parameter
will take an arbitrary value. Here, this will likely result in invalid memory
accesses.

Best,
Michael
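
The mismatch reported above, as an added illustration that is not part of the original report or of freeradius-client. The two parameter lists are copied from the build log; the function names and the memory-slot model of argument passing are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Parameter lists copied from the two declarations quoted in the build log. */
typedef void (*header_fn)(unsigned char *, unsigned char *, unsigned int);
typedef void (*md5c_fn)(unsigned char *, unsigned char *, unsigned long int);

/* GCC/Clang builtin: 1 when the two types are compatible in the C sense.
 * unsigned int and unsigned long are distinct types on every platform,
 * so this is 0 even where both happen to have the same size. */
int signatures_compatible(void)
{
    return __builtin_types_compatible_p(header_fn, md5c_fn);
}

/* Bytes of inlen that a caller using the header prototype never writes. */
size_t unwritten_inlen_bytes(void)
{
    return sizeof(unsigned long) - sizeof(unsigned int);
}

/* Model only (assumption: the argument travels in one memory slot; real ABIs
 * may use registers). The slot holds stale bytes, the caller stores an
 * unsigned int, the callee loads an unsigned long from the same place. */
unsigned long callee_reads(unsigned int passed, unsigned char stale)
{
    unsigned char slot[sizeof(unsigned long)];
    unsigned long seen;

    memset(slot, stale, sizeof slot);      /* leftover contents of the slot */
    memcpy(slot, &passed, sizeof passed);  /* caller: unsigned int store */
    memcpy(&seen, slot, sizeof seen);      /* callee: unsigned long load */
    return seen;
}

int main(void)
{
    printf("compatible: %d, unwritten bytes: %zu\n",
           signatures_compatible(), unwritten_inlen_bytes());
    printf("caller passed 16, callee reads %lu\n", callee_reads(16u, 0xFF));
    return 0;
}
```

Compiling the defining file with the header's prototype in scope turns this conflict into a compile-time error; GCC's -Wmissing-prototypes flags global definitions that have no prior prototype.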
