From a85752ff4b7c18e6c4cf0c0e43da24080e2d0709 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Fri, 18 Apr 2008 23:42:40 +0200
Subject: md5sum -c: ignore a line with a NUL byte among checksum hex digits
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* src/md5sum.c (hex_digits): Require that all "digest_hex_bytes"
be hexadecimal digits, not just those before the first NUL byte.
This bug dates back to the original version:
3763a4f24eb21be40674d13ff7b04e078f473e85
* tests/misc/md5sum (nul-in-cksum): Test for the above.
* NEWS [Bug fixes]: Mention this.
Prompted by a report from Flóki Pálsson in
http://bugzilla.redhat.com/439531
---
 NEWS | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index 3a584e9cc..3cc7151d4 100644
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,13 @@ GNU coreutils NEWS                                    -*- outline -*-
   sha1sum, sha224sum, sha384sum, and sha512sum are affected, too.
   [bug introduced in coreutils-5.1.0]
 
+  md5sum -c would accept a NUL-containing checksum string like "abcd\0..."
+  and would unnecessarily read and compute the checksum of the named file,
+  and then compare that checksum to the invalid one: guaranteed to fail.
+  Now, it recognizes that the line is not valid and skips it.
+  sha1sum, sha224sum, sha384sum, and sha512sum are affected, too.
+  [bug present in the original version, in coreutils-4.5.1, 1995]
+
   "mkdir -Z x dir" no longer segfaults when diagnosing invalid context "x"
   mkfifo and mknod would fail similarly.  Now they're fixed.
 
-- 
cgit v1.2.3-54-g00ecf