[plt-scheme] Segfault in web server (due to missing library??)

From: David Storrs (david.storrs at gmail.com)
Date: Fri Oct 30 20:51:50 EDT 2009

Ok, we've got a bit more information.  Here's a test file (we have it saved
as "test-hmac.c"):

#include <openssl/hmac.h>
#include <stdio.h>

int main(int argc, char** argv) {
  unsigned char foo[10] = "boo";
  unsigned char* res = malloc(20);
  printf("%s\n", SHA1(foo, 10, res));
  free(res);
}

We built this on the Debian 5.0 system in question, using gcc -lcrypto
test-hmac.c.  If we run it as-is, it works.  If we change:

  printf("%s\n", SHA1(foo, 10, res));
to
  printf("%s\n", SHA1(foo, 10, 0));

...it segfaults.  Here is the code from web-server/stuffers/hmac-sha1.ss:

(define HMAC-SHA1/raw
  (if libcrypto
      (get-ffi-obj 'HMAC libcrypto
                   (_fun [EVP_MD : _fpointer = (EVP_SHA1)]
                         [key : _bytes]
                         [key_len : _int = (bytes-length key)]
                         [data : _bytes]
                         [data_len : _int = (bytes-length data)]
                         [md : _int = 0]
                         [md_len : _int = 0]     ;;  @@@@ Note the "0" here.
                         ->
                         _pointer))
      (lambda (key data) (error 'HMAC-SHA1/raw "libcrypto could not load"))))


The last argument to the SHA1() function is where to put the result.  When
passed a NULL, it allocates its own return space.  We are guessing that, on
the Debian box, NULL is defined to something other than 0, so when it
receives a literal 0, it tries to write to 0x0 and segfaults.

We're trying to track down where NULL is defined now.

Dave
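
Added example, not part of the original post: the binding quoted above declares md and md_len as _int, while the C prototype of HMAC() takes pointers in those two positions (unsigned char *md, unsigned int *md_len). The program below models what a callee can read when a literal 0 is marshalled at int width into an argument slot whose remaining bytes are not cleared. The 8-byte slot, its stale fill pattern and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of one 8-byte argument slot that still holds stale
 * bytes from earlier use (assumption: nothing clears the slot first). */
#define STALE_SLOT UINT64_C(0xAAAAAAAAAAAAAAAA)

/* Caller side: write a literal 0 of the declared width in bytes
 * (sizeof(int) for an int, sizeof(void *) for a pointer) into the slot. */
static uint64_t marshal_zero(size_t declared_width)
{
    uint64_t slot = STALE_SLOT;
    unsigned char zero[sizeof slot] = {0};

    if (declared_width > sizeof slot)
        declared_width = sizeof slot;
    memcpy(&slot, zero, declared_width);  /* only declared_width bytes change */
    return slot;
}

/* Callee side: a C function with a pointer parameter reads a full
 * pointer-sized value out of the slot. */
static void *read_as_pointer(uint64_t slot)
{
    void *p = NULL;

    memcpy(&p, &slot, sizeof p);
    return p;
}

/* Returns 1 if the callee sees NULL, 0 if it sees a stray non-NULL address. */
int callee_sees_null(size_t declared_width)
{
    return read_as_pointer(marshal_zero(declared_width)) == NULL;
}

int main(void)
{
    printf("sizeof(int)=%zu sizeof(void *)=%zu\n", sizeof(int), sizeof(void *));
    printf("0 declared as int     -> callee sees NULL: %d\n",
           callee_sees_null(sizeof(int)));
    printf("0 declared as pointer -> callee sees NULL: %d\n",
           callee_sees_null(sizeof(void *)));
    return 0;
}
```

Where int and pointers have the same width, both lines report 1. Where pointers are wider than int, the int-declared zero is not guaranteed to arrive as NULL, so an FFI declaration for a pointer parameter should use a pointer type.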

Posted on the users mailing list.