[jira] [Commented] (SOLR-13238) BlobHandler generates non-padded md5

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[jira] [Commented] (SOLR-13238) BlobHandler generates non-padded md5

JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/SOLR-13238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16820539#comment-16820539 ]

Jeff Walraven commented on SOLR-13238:
--------------------------------------

[~janhoy] The consequence of this bug is that it causes an incorrect md5 to be generated. I came across this while writing a tool that uploads a plugin jar to solr. It checks the md5 for validity and to check if the file is different before uploading a new jar. When using a standard md5 check (that properly pads the hash), the validation will fail. The difficulty with this bug is that it only shows up in some cases, so it was not apparent until a file happened to have the incorrect hash value.

Currently, the workaround is to use the same md5 hash function on both sides of the validation.

> BlobHandler generates non-padded md5
> ------------------------------------
>
>                 Key: SOLR-13238
>                 URL: https://issues.apache.org/jira/browse/SOLR-13238
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public)
>          Components: blobstore
>    Affects Versions: 6.0, 6.6.5, 7.0, 7.6
>            Reporter: Jeff Walraven
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Introduced in SOLR-6787
> The blob handler currently uses the following logic for generating/storing the md5 for uploads:
> {code:java}
> MessageDigest m = MessageDigest.getInstance("MD5");
> m.update(payload.array(), payload.position(), payload.limit());
> String md5 = new BigInteger(1, m.digest()).toString(16);
> {code}
> Unfortunately, this method does not provide padding for any md5 with less than 0x10 for its most significant byte. This means that on many occasions it could end up with a md5 hash of 31 characters instead of 32.
> I have opened a PR with the following recommended change:
> {code:java}
> String md5 = new String(Hex.encodeHex(m.digest()));
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]