Opened 22 months ago

Closed 18 months ago

Last modified 12 months ago

#1469 closed defect (fixed)

nginx won't build under libxcrypt due to missing 'current_salt' in 'crypt_data' struct

Reported by: fujimotos@… Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.13.x
Keywords: Cc:
uname -a: Linux 4.15.0-0.rc8.git0.1.fc28.x86_64 #1 SMP Mon Jan 15 17:04:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.13.8 built by gcc 7.2.1 20180104 (Red Hat 7.2.1-6) (GCC)

Description

PROBLEM

In Fedora 28, the crypt library has been switched from glibc to libxcrypt.
In this system, nginx fails to build with following errors:

src/os/unix/ngx_user.c:36:7: error: 'struct crypt_data' has no member named 'current_salt'
cd.current_salt[0] = ~salt[0];

Also, this issue seems to be reproducable in Fedora's build system:

https://koji.fedoraproject.org/koji/taskinfo?taskID=24331452

SOLUTION

The following patch fixes this issue:

http://pkgs.fedoraproject.org/cgit/rpms/nginx.git/tree/0001-unix-ngx_user-Apply-fix-for-really-old-bug-in-glibc-.patch

RELATED ISSUES

I think this ticket is related to this problem:

https://trac.nginx.org/nginx/ticket/685

Change History (8)

comment:1 Changed 22 months ago by mdounin

The glibc bug in question seems to be fixed in this change, available in glibc 2.3.2+:

2002-10-29  Daniel Jacobowitz  <drow@mvista.com>

        * crypt/crypt_util.c (__init_des_r): Initialize current_salt
        and current_saltbits.

I don't think that there are any live systems with the bug still present (according to distrowatch, CentOS 5.11, EOLed last year, includes glibc 2.5, and even CentOS 3.9 uses glibc 2.3.2, so the last CentOS version with the affected glibc is CentOS 2.0 released at 2004-05-24; the last Debian version with the affected glibc seems to be Debian 3.0 woody released at 2002-07-19), so it might make sense to simply remove the workaround.

comment:2 Changed 19 months ago by mdounin

See also #1532.

comment:3 Changed 18 months ago by ru

See also #1556.

comment:4 Changed 18 months ago by ru

An alternative to removing a work around is this patch:

diff --git a/src/os/unix/ngx_user.c b/src/os/unix/ngx_user.c
--- a/src/os/unix/ngx_user.c
+++ b/src/os/unix/ngx_user.c
@@ -21,7 +21,7 @@ ngx_libc_crypt(ngx_pool_t *pool, u_char 
     struct crypt_data   cd;
 
     cd.initialized = 0;
-#ifdef __GLIBC__
+#if defined(__GLIBC__) && !defined(CRYPT_DATA_INTERNAL_SIZE)
     /* work around the glibc bug */
     cd.current_salt[0] = ~salt[0];
 #endif

comment:5 Changed 18 months ago by mdounin

I don't think it worth the effort. Removing this workaround should be a better option, given that no platforms affected are known.

# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1527007852 -10800
#      Tue May 22 19:50:52 2018 +0300
# Node ID 97f8e45acaf6f2d96844c2d770f8851c1b515c0a
# Parent  66aa2c1e82e63a65831d062d3e7a94bca0090b7e
Removed glibc crypt_r() bug workaround (ticket #1469).

The bug in question was fixed in glibc 2.3.2 and is no longer expected
to manifest itself on real servers.  On the other hand, the workaround
causes compilation problems on various systems.  Previously, we've
already fixed the code to compile with musl libc (fd6fd02f6a4d), and
now it is broken on Fedora 28 where glibc's crypt library was replaced
by libxcrypt.  So the workaround was removed.

diff --git a/src/os/unix/ngx_user.c b/src/os/unix/ngx_user.c
--- a/src/os/unix/ngx_user.c
+++ b/src/os/unix/ngx_user.c
@@ -21,10 +21,6 @@ ngx_libc_crypt(ngx_pool_t *pool, u_char 
     struct crypt_data   cd;
 
     cd.initialized = 0;
-#ifdef __GLIBC__
-    /* work around the glibc bug */
-    cd.current_salt[0] = ~salt[0];
-#endif
 
     value = crypt_r((char *) key, (char *) salt, &cd);
 

comment:6 Changed 18 months ago by Maxim Dounin <mdounin@…>

In 7278:eca3e054e978/nginx:

Removed glibc crypt_r() bug workaround (ticket #1469).

The bug in question was fixed in glibc 2.3.2 and is no longer expected
to manifest itself on real servers. On the other hand, the workaround
causes compilation problems on various systems. Previously, we've
already fixed the code to compile with musl libc (fd6fd02f6a4d), and
now it is broken on Fedora 28 where glibc's crypt library was replaced
by libxcrypt. So the workaround was removed.

comment:7 Changed 18 months ago by mdounin

  • Resolution set to fixed
  • Status changed from new to closed

comment:8 Changed 12 months ago by Maxim Dounin <mdounin@…>

In 7407:b1a166ab7f04/nginx:

Removed glibc crypt_r() bug workaround (ticket #1469).

The bug in question was fixed in glibc 2.3.2 and is no longer expected
to manifest itself on real servers. On the other hand, the workaround
causes compilation problems on various systems. Previously, we've
already fixed the code to compile with musl libc (fd6fd02f6a4d), and
now it is broken on Fedora 28 where glibc's crypt library was replaced
by libxcrypt. So the workaround was removed.

Note: See TracTickets for help on using tickets.