Thread: Thread-unsafe MD5 on big-endian systems with no OpenSSL
While browsing through all our global variables for the multithreading effort, I noticed that our MD5 implementation in src/common/md5.c uses a static buffer on big-endian systems, which makes it not thread-safe. That's a bug because that function is also used in libpq. This was introduced in commit b67b57a966, which replaced the old MD5 fallback implementation with the one from pgcrypto. The thread-safety didn't matter for pgcrypto, but for libpq it does. This only affects big-endian systems that are compiled without OpenSSL. -- Heikki Linnakangas Neon (https://neon.tech)
Attachment
On Tue, Aug 6, 2024 at 8:23 AM Heikki Linnakangas <hlinnaka@iki.fi> wrote: > While browsing through all our global variables for the multithreading > effort, I noticed that our MD5 implementation in src/common/md5.c uses a > static buffer on big-endian systems, which makes it not thread-safe. > That's a bug because that function is also used in libpq. > > This was introduced in commit b67b57a966, which replaced the old MD5 > fallback implementation with the one from pgcrypto. The thread-safety > didn't matter for pgcrypto, but for libpq it does. > > This only affects big-endian systems that are compiled without OpenSSL. LGTM. -- Robert Haas EDB: http://www.enterprisedb.com
> On Aug 6, 2024, at 23:05, Robert Haas <robertmhaas@gmail.com> wrote: > On Tue, Aug 6, 2024 at 8:23 AM Heikki Linnakangas <hlinnaka@iki.fi> wrote: >> >> This only affects big-endian systems that are compiled without OpenSSL. > > LGTM. Nice catch, looks fine to me as well. -- Michael
On 06/08/2024 18:11, Michael Paquier wrote: > >> On Aug 6, 2024, at 23:05, Robert Haas <robertmhaas@gmail.com> wrote: >> On Tue, Aug 6, 2024 at 8:23 AM Heikki Linnakangas <hlinnaka@iki.fi> wrote: >>> >>> This only affects big-endian systems that are compiled without OpenSSL. >> >> LGTM. > > Nice catch, looks fine to me as well. Committed, thanks -- Heikki Linnakangas Neon (https://neon.tech)