NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

lib/56838: namespace pollution in static libcrypt



>Number:         56838
>Category:       lib
>Synopsis:       namespace pollution in static libcrypt
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun May 15 05:25:00 +0000 2022
>Originator:     David A. Holland
>Release:        NetBSD 9.99.96 (20220514)
>Organization:
>Environment:
System: n/a
Architecture: x86_64
Machine: amd64
>Description:

The MKARGON2 files in libcrypt contain unprotected identifier names
that conflict with the application namespace and are fairly likely to
conflict with actual application symbols:

obj.amd64/libcrypt.a:encoding.o:0000000000000b8c T b64len
obj.amd64/libcrypt.a:encoding.o:00000000000002e8 T decode_string
obj.amd64/libcrypt.a:encoding.o:0000000000000537 T encode_string
obj.amd64/libcrypt.a:encoding.o:0000000000000bda T numlen
obj.amd64/libcrypt.a:core.o:0000000000000121 T allocate_memory
obj.amd64/libcrypt.a:core.o:00000000000003de T clear_internal_memory
obj.amd64/libcrypt.a:core.o:000000000000009a T copy_block
obj.amd64/libcrypt.a:core.o:0000000000000811 T fill_first_blocks
obj.amd64/libcrypt.a:core.o:0000000000000624 T fill_memory_blocks
obj.amd64/libcrypt.a:core.o:00000000000003f3 T finalize
obj.amd64/libcrypt.a:core.o:0000000000000184 T free_memory
obj.amd64/libcrypt.a:core.o:0000000000000572 T index_alpha
obj.amd64/libcrypt.a:core.o:000000000000002b T init_block_value
obj.amd64/libcrypt.a:core.o:0000000000000926 T initial_hash
obj.amd64/libcrypt.a:core.o:0000000000000936 T initialize
obj.amd64/libcrypt.a:core.o:0000000000000000 T secure_wipe_memory
obj.amd64/libcrypt.a:core.o:00000000000006cf T validate_inputs
obj.amd64/libcrypt.a:core.o:000000000000010a T xor_block
obj.amd64/libcrypt.a:ref.o:00000000000008b5 T fill_segment

In the shared library these are hidden away with ELF visibility, but
they can't just be left sitting here in the static library. This has
caused at least one package build failure (PR 56684) and will cause
all kinds of havoc for statically-linked programs.

>How-To-Repeat:

make; nm -o

>Fix:

Apply underscores.

Because it only affects the static lib, it's not absolutely critical
to get this fixed before -10 branches, but it would still not be good
to ship -10 this way.



Home | Main Index | Thread Index | Old Index