author | Jim Meyering <meyering@redhat.com> | 2008-04-15 08:19:11 +0200 |
---|---|---|
committer | Jim Meyering <meyering@redhat.com> | 2008-04-15 08:46:48 +0200 |
commit | 7cb24684cc4ef96bb25dfc1c819acfc3b98d9442 (patch) | |
tree | b0d71c4140509c1906993d06e5c1497fa04a13d8 | |
parent | 739cf4e8325775dd6400984b3b52e67b3102e556 (diff) | |
md5sum, sha1sum, etc: handle invalid input (i.e., don't segfault)
* src/md5sum.c (bsd_split_3): Return right away if s_len == 0.
* tests/misc/md5sum (bsd-segv): New test for the above.
* tests/misc/sha1sum (bsd-segv): Likewise.
* NEWS: Mention the bug fix.
Reported by Cristian Cadar, Daniel Dunbar and Dawson Engler.
-rw-r--r-- | NEWS | 5 | ||||
-rw-r--r-- | src/md5sum.c | 5 | ||||
-rwxr-xr-x | tests/misc/md5sum | 9 | ||||
-rwxr-xr-x | tests/misc/sha1sum | 9 |
4 files changed, 19 insertions, 9 deletions
@@ -20,6 +20,11 @@ GNU coreutils NEWS -*- outline -*- ls no longer segfaults on files in /proc when linked with an older version of libselinux. E.g., ls -l /proc/sys would dereference a NULL pointer. + md5sum would segfault for invalid BSD-style input, e.g., + echo 'MD5 (' | md5sum -c - Now, md5sum ignores that line. + sha1sum, sha224sum, sha384sum, and sha512sum are affected, too. + [bug introduced in coreutils-5.1.0] + "mkdir -Z x dir" no longer segfaults when diagnosing invalid context "x" mkfifo and mknod would fail similarly. Now they're fixed. diff --git a/src/md5sum.c b/src/md5sum.c index 28bde9909..5eb8494b0 100644 --- a/src/md5sum.c +++ b/src/md5sum.c @@ -1,5 +1,5 @@ /* Compute MD5, SHA1, SHA224, SHA256, SHA384 or SHA512 checksum of files or strings - Copyright (C) 1995-2007 Free Software Foundation, Inc. + Copyright (C) 1995-2008 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -205,6 +205,9 @@ bsd_split_3 (char *s, size_t s_len, unsigned char **hex_digest, char **file_name { size_t i; + if (s_len == 0) + return false; + *file_name = s; /* Find end of filename. The BSD 'md5' and 'sha1' commands do not escape diff --git a/tests/misc/md5sum b/tests/misc/md5sum index ca23d9432..25069fd15 100755 --- a/tests/misc/md5sum +++ b/tests/misc/md5sum @@ -1,7 +1,7 @@ #!/bin/sh # Basic tests for "md5sum". -# Copyright (C) 1998, 1999, 2003, 2005, 2007 Free Software Foundation, Inc. +# Copyright (C) 1998-1999, 2003, 2005, 2007-2008 Free Software Foundation, Inc. # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by 
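Review bot: The new `if (s_len == 0) return false;` guard in bsd_split_3 (src/md5sum.c) carries no comment, so the reason an empty remainder must be rejected is not visible at the check. Judging from the "Find end of filename" comment that follows, the code below the hunk searches backwards from the end of the buffer; it presumably starts at `s_len - 1`, which would wrap for an unsigned `size_t` when the length is zero, but that body is outside the hunk, so this is inferred. I would add a comment above the guard such as `/* An empty remainder (e.g. the line "MD5 (") has no last byte to start the backward search from; reject it before indexing s. */`. This parser runs on checksum files that may come from an untrusted source, so the precondition is worth stating where it is enforced.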
@@ -24,7 +24,7 @@ exec $PERL -w -I$srcdir/.. -MCoreutils -M"CuTmpdir qw($me)" -- - <<\EOF require 5.003; use strict; -(my $program_name = $0) =~ s|.*/||; +my $prog = 'md5sum'; # Turn off localisation of executable's ouput. @ENV{qw(LANGUAGE LANG LC_ALL)} = ('C') x 3; @@ -64,6 +64,8 @@ my @Tests = ['check-bsd3', '--check', '--status', {IN=> {'f.md5' => "MD5 (f) = $degenerate\n"}}, {AUX=> {f=> 'bar'}}, {EXIT=> 1}], + ['bsd-segv', '--check', {IN=> {'z' => "MD5 ("}}, {EXIT=> 1}, + {ERR=> "$prog: z: no properly formatted MD5 checksum lines found\n"}], ); # Insert the `--text' argument for each test. @@ -76,7 +78,6 @@ foreach $t (@Tests) my $save_temps = $ENV{DEBUG}; my $verbose = $ENV{VERBOSE}; -my $prog = 'md5sum'; -my $fail = run_tests ($program_name, $prog, \@Tests, $save_temps, $verbose); +my $fail = run_tests ($prog, $prog, \@Tests, $save_temps, $verbose); exit $fail; EOF diff --git a/tests/misc/sha1sum b/tests/misc/sha1sum index b7d288fa2..452236d8d 100755 --- a/tests/misc/sha1sum +++ b/tests/misc/sha1sum @@ -1,7 +1,7 @@ #!/bin/sh # Test "sha1sum". -# Copyright (C) 2000, 2003, 2005-2007 Free Software Foundation, Inc. +# Copyright (C) 2000, 2003, 2005-2008 Free Software Foundation, Inc. # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -24,7 +24,7 @@ exec $PERL -w -I$srcdir/.. -MCoreutils -M"CuTmpdir qw($me)" -- - <<\EOF require 5.003; use strict; -(my $program_name = $0) =~ s|.*/||; +my $prog = 'sha1sum'; # Turn off localisation of executable's ouput. @ENV{qw(LANGUAGE LANG LC_ALL)} = ('C') x 3; @@ -66,6 +66,8 @@ my @Tests = ['check-bsd3', '--check', '--status', {IN=> {'f.sha1' => "SHA1 (f) = $sha_degenerate\n"}}, {AUX=> {f=> 'bar'}}, {EXIT=> 1}], + ['bsd-segv', '--check', {IN=> {'z' => "SHA1 ("}}, {EXIT=> 1}, + {ERR=> "$prog: z: no properly formatted SHA1 checksum lines found\n"}], ); # Insert the `--text' argument for each test. 
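Review bot: The `bsd-segv` case added to `@Tests` in tests/misc/md5sum pins only the exact zero-length remainder (`"MD5 ("`), and the matching hunk in tests/misc/sha1sum does the same for `"SHA1 ("`. A neighbouring malformed input with a non-empty remainder but no closing parenthesis would cover the other side of the new guard in bsd_split_3, for example `['bsd-no-paren', '--check', {IN=> {'z' => "MD5 (f"}}, {EXIT=> 1}, {ERR=> "$prog: z: no properly formatted MD5 checksum lines found\n"}],`. The expected diagnostic there is assumed to match the one in `bsd-segv` and should be confirmed by running the test. A one-line comment above `bsd-segv`, e.g. `# Truncated BSD-style line; this input used to make --check segfault.`, would also tell a reader what the test name refers to.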
@@ -78,7 +80,6 @@ foreach $t (@Tests) my $save_temps = $ENV{DEBUG}; my $verbose = $ENV{VERBOSE}; -my $prog = 'sha1sum'; -my $fail = run_tests ($program_name, $prog, \@Tests, $save_temps, $verbose); +my $fail = run_tests ($prog, $prog, \@Tests, $save_temps, $verbose); exit $fail; EOF |