Opened 2 years ago

Closed 23 months ago

Last modified 16 months ago

#1469 closed defect (fixed)

nginx won't build under libxcrypt due to missing 'current_salt' in 'crypt_data' struct

Reported by: fujimotos@… Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.13.x
Keywords: Cc:
uname -a: Linux 4.15.0-0.rc8.git0.1.fc28.x86_64 #1 SMP Mon Jan 15 17:04:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.13.8
built by gcc 7.2.1 20180104 (Red Hat 7.2.1-6) (GCC)

Description

PROBLEM

In Fedora 28, the crypt library has been switched from glibc to libxcrypt.
In this system, nginx fails to build with following errors:

src/os/unix/ngx_user.c:36:7: error: 'struct crypt_data' has no member named 'current_salt'
cd.current_salt[0] = ~salt[0];

Also, this issue seems to be reproducable in Fedora's build system:

https://koji.fedoraproject.org/koji/taskinfo?taskID=24331452

SOLUTION

The following patch fixes this issue:

http://pkgs.fedoraproject.org/cgit/rpms/nginx.git/tree/0001-unix-ngx_user-Apply-fix-for-really-old-bug-in-glibc-.patch

RELATED ISSUES

I think this ticket is related to this problem:

https://trac.nginx.org/nginx/ticket/685

Change History (8)

comment:1 by Maxim Dounin, 2 years ago

The glibc bug in question seems to be fixed in this change, available in glibc 2.3.2+:

2002-10-29  Daniel Jacobowitz  <drow@mvista.com>

        * crypt/crypt_util.c (__init_des_r): Initialize current_salt
        and current_saltbits.

I don't think that there are any live systems with the bug still present (according to distrowatch, CentOS 5.11, EOLed last year, includes glibc 2.5, and even CentOS 3.9 uses glibc 2.3.2, so the last CentOS version with the affected glibc is CentOS 2.0 released at 2004-05-24; the last Debian version with the affected glibc seems to be Debian 3.0 woody released at 2002-07-19), so it might make sense to simply remove the workaround.

comment:2 by Maxim Dounin, 2 years ago

See also #1532.

comment:3 by Ruslan Ermilov, 23 months ago

See also #1556.

comment:4 by Ruslan Ermilov, 23 months ago

An alternative to removing a work around is this patch:

diff --git a/src/os/unix/ngx_user.c b/src/os/unix/ngx_user.c
--- a/src/os/unix/ngx_user.c
+++ b/src/os/unix/ngx_user.c
@@ -21,7 +21,7 @@ ngx_libc_crypt(ngx_pool_t *pool, u_char 
     struct crypt_data   cd;
 
     cd.initialized = 0;
-#ifdef __GLIBC__
+#if defined(__GLIBC__) && !defined(CRYPT_DATA_INTERNAL_SIZE)
     /* work around the glibc bug */
     cd.current_salt[0] = ~salt[0];
 #endif

comment:5 by Maxim Dounin, 23 months ago

I don't think it worth the effort. Removing this workaround should be a better option, given that no platforms affected are known.

# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1527007852 -10800
#      Tue May 22 19:50:52 2018 +0300
# Node ID 97f8e45acaf6f2d96844c2d770f8851c1b515c0a
# Parent  66aa2c1e82e63a65831d062d3e7a94bca0090b7e
Removed glibc crypt_r() bug workaround (ticket #1469).

The bug in question was fixed in glibc 2.3.2 and is no longer expected
to manifest itself on real servers.  On the other hand, the workaround
causes compilation problems on various systems.  Previously, we've
already fixed the code to compile with musl libc (fd6fd02f6a4d), and
now it is broken on Fedora 28 where glibc's crypt library was replaced
by libxcrypt.  So the workaround was removed.

diff --git a/src/os/unix/ngx_user.c b/src/os/unix/ngx_user.c
--- a/src/os/unix/ngx_user.c
+++ b/src/os/unix/ngx_user.c
@@ -21,10 +21,6 @@ ngx_libc_crypt(ngx_pool_t *pool, u_char 
     struct crypt_data   cd;
 
     cd.initialized = 0;
-#ifdef __GLIBC__
-    /* work around the glibc bug */
-    cd.current_salt[0] = ~salt[0];
-#endif
 
     value = crypt_r((char *) key, (char *) salt, &cd);
 

comment:6 by Maxim Dounin <mdounin@…>, 23 months ago

In 7278:eca3e054e978/nginx:

Removed glibc crypt_r() bug workaround (ticket #1469).

The bug in question was fixed in glibc 2.3.2 and is no longer expected
to manifest itself on real servers. On the other hand, the workaround
causes compilation problems on various systems. Previously, we've
already fixed the code to compile with musl libc (fd6fd02f6a4d), and
now it is broken on Fedora 28 where glibc's crypt library was replaced
by libxcrypt. So the workaround was removed.

comment:7 by Maxim Dounin, 23 months ago

Resolution: fixed
Status: newclosed

comment:8 by Maxim Dounin <mdounin@…>, 16 months ago

In 7407:b1a166ab7f04/nginx:

Removed glibc crypt_r() bug workaround (ticket #1469).

The bug in question was fixed in glibc 2.3.2 and is no longer expected
to manifest itself on real servers. On the other hand, the workaround
causes compilation problems on various systems. Previously, we've
already fixed the code to compile with musl libc (fd6fd02f6a4d), and
now it is broken on Fedora 28 where glibc's crypt library was replaced
by libxcrypt. So the workaround was removed.

Note: See TracTickets for help on using tickets.