Ubuntu
euca2ools package

euca-bundle-vol, euca-bundle-image use invalid sha1sum

Bug #600783 reported by Scott Moser
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
euca2ools
Fix Released
Undecided
Unassigned
euca2ools (Ubuntu)
Fix Released
High
Unassigned

Bug Description

Binary package hint: euca2ools

The check_image function at [1,2] has incorrect indentation.
   sha_image = sha()
   while 1:
       buf=in_file.read(IMAGE_IO_CHUNK)
       if not buf:
           break
   sha_image.update(buf)
   return image_size, hexlify(sha_image.digest())

The result is that the above always returns the same sha1sum as 'sha1sum /dev/null', and thus all euca2ools generated manifests have the string:
   <digest algorithm="SHA1">da39a3ee5e6b4b0d3255bfef95601890afd80709</digest>

I'm not sure what the checksum is used for here, so I'm not sure if this is a security issue (I dont think so).

--
[1] http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/maverick/euca2ools/maverick/annotate/head:/euca2ools/euca2ools/__init__.py?start_revid=23#L513
[2] http://bazaar.launchpad.net/~eucalyptus-maintainers/euca2ools/euca2ools-main/annotate/head:/euca2ools/euca2ools/__init__.py#L625

Dustin Kirkland  (kirkland)
Changed in euca2ools (Ubuntu):
status: New → Triaged
importance: Undecided → High
Scott Moser (smoser)
affects: eucalyptus → euca2ools
Changed in euca2ools:
status: New → Confirmed
Revision history for this message
Mitch Garnaat (mitch-garnaat) wrote :

This issue has been fixed in upstream as revision 318.

Scott Moser (smoser)
Changed in euca2ools:
status: Confirmed → Fix Committed
Scott Moser (smoser)
security vulnerability: yes → no
visibility: private → public
ray charly (charly-tchinda)
Changed in euca2ools (Ubuntu):
status: Triaged → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package euca2ools - 1.3.1-0ubuntu2

---------------
euca2ools (1.3.1-0ubuntu2) natty; urgency=low

  * update patch delta upstream information (all delta now upstream)
  * cherry pick upstream commits
    * r318 : fix euca-bundle-img to correctly create checksum (LP: #600783)
    * r319 : correctly catch man page build errors
  * copy filesystem uuid, label, fstype from source filesytem to
    bundled volume (LP: #667793, #672986)
 -- Scott Moser <email address hidden> Wed, 12 Jan 2011 17:29:32 -0500

Changed in euca2ools (Ubuntu):
status: Fix Committed → Fix Released
Garrett Holmstrom (gholms)
Changed in euca2ools:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.