[hunchentoot-devel] MD5 array out of bounds

K B orbisignis at msn.com
Tue Jun 26 18:41:15 UTC 2012


Hi all,


I'm currently implementing a website using Hunchentoot (which I gotta say is a top bit of work!) and have stumbled upon a problem whilst trying to use sessions. The symptom is that, when a call to 'start-session' is made, I run into the error:


"Error when creating REQUEST object: Array index 16 out of bounds for #(0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0)" 


Now, hunchentoot passes the client browser info string (not sure what it is called, but here is an example "Opera/9.80 (Windows NT 6.1; WOW64; U; Edition United Kingdom Local; en) Presto/2.10.289 Version/12.00") to the hunchentoot:md5-hex function. The interesting thing here is that the example I just gave will give an error but if you access it from another browser (e.g. Maxthon), there is no error. The difference is in the length of the "client browser info string" that the browser passes - it is shorter.


I have followed the problem to the 'finalize-md5-state' function in the md5 package. If this function is called with a string of 119 characters or less, everything is fine. However, call it with 120 characters or more and it will throw the aforementioned error.


I have managed to whittle the problem down to the following piece of code in the function definition of 'finalize-md5-state' in the md5 package:


	  ;; Create new fully 0 padded block
	  (loop for index of-type (integer 0 16) from 0 below 16
		do (setf (aref block index) #x00000000)))


If this is changed to:



	  ;; Create new fully 0 padded block
	  (loop for index from 0 below 16
		do (setf (aref block index) #x00000000)))



Then all is well, the function can be called with a string of more than 119 characters and start-session will work fine with browsers that choose to use long self identification strings. Now, I am not particularly sure why doing this solves the problem; I don't *think* it should matter (looks like a bug to me, it's just optimisation code, right?) but I am certainly not well enough versed with Lisp to be able to pass any judgment.


In case this is an implementation thing, I am running Hunchentoot on Clozure on Debian Squeeze. Also, this error occurs with versions 1.3 and 1.5 of the md5 package (according to Cliki, 1.5 is the most recent release, and I cannot find a newer version).


Thought I'd best post it to the Hunchentoot list, even though technically it is an MD5 problem, as I'm sure someone else using Hunchentoot will bump into this problem sooner or later (or maybe one of your sites is a victim to it - Opera is not that popular a browser!), plus, I'm having trouble finding out where to post it for the maintainer of MD5 to see it.


Cheers,
Kyle


 		 	   		  