b2sum: fix crash with --check and truncated input

* src/md5sum.c (split_3): Ensure we don't walk off
the end of the string.
* tests/misc/b2sum.sh: Add test cases.
Fixes https://bugs.gnu.org/28860

diff --git a/NEWS b/NEWS
index a90b5691355f9b93959236a9bfde011e5c172a35..7a163c72a804df4a09dc24e440c2c5a2ffb436fc 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,9 @@ GNU coreutils NEWS                                    -*- outline -*-
 
 ** Bug fixes
 
+  b2sum no longer crashes when processing certain truncated check files.
+  [bug introduced with b2sum coreutils-8.26]
+
   ptx -S no longer infloops for a pattern which returns zero-length matches.
   [the bug dates back to the initial implementation]
 

diff --git a/src/md5sum.c b/src/md5sum.c
index a7e2a9e71be92fd02c18d44e4182f21698dbec5c..c8002317856b747d086a8a73cc04dfb1d24259c8 100644 (file)
--- a/src/md5sum.c
+++ b/src/md5sum.c
@@ -430,7 +430,8 @@ split_3 (char *s, size_t s_len,
 #if HASH_ALGO_BLAKE2
       /* Terminate and match algorithm name.  */
       char const *algo_name = &s[i - algo_name_len];
-      while (! ISWHITE (s[i]) && s[i] != '-' && s[i] != '(')
+      /* Skip algorithm variants.  */
+      while (s[i] && ! ISWHITE (s[i]) && s[i] != '-' && s[i] != '(')
         ++i;
       bool length_specified = s[i] == '-';
       bool openssl_format = s[i] == '('; /* and no length_specified */

diff --git a/tests/misc/b2sum.sh b/tests/misc/b2sum.sh
index d16427c773f260769b64904a7321a83a2038319c..28fd95b50ffe26d865684e6edf0c53fa40241252 100755 (executable)
--- a/tests/misc/b2sum.sh
+++ b/tests/misc/b2sum.sh
@@ -46,4 +46,9 @@ b2sum -l 128 check.vals > out || fail=1
 printf '%s\n' '796485dd32fe9b754ea5fd6c721271d9  check.vals' > exp
 compare exp out || fail=1
 
+# This would segfault from coreutils-8.26 to coreutils-8.28
+printf '%s\n' 'BLAKE2' 'BLAKE2b' 'BLAKE2-' 'BLAKE2(' 'BLAKE2 (' > crash.check \
+  || framework_failure_
+returns_ 1 b2sum -c crash.check || fail=1
+
 Exit $fail