From: Pádraig Brady Date: Mon, 16 Oct 2017 08:04:37 +0000 (-0700) Subject: b2sum: fix crash with --check and truncated input X-Git-Tag: v8.29~47 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cc19f63be3ad0f27c9ea7f223883b75917fda7fb;p=thirdparty%2Fcoreutils.git b2sum: fix crash with --check and truncated input * src/md5sum.c (split_3): Ensure we don't walk off the end of the string. * tests/misc/b2sum.sh: Add test cases. Fixes https://bugs.gnu.org/28860 --- diff --git a/NEWS b/NEWS index a90b569135..7a163c72a8 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,9 @@ GNU coreutils NEWS -*- outline -*- ** Bug fixes + b2sum no longer crashes when processing certain truncated check files. + [bug introduced with b2sum coreutils-8.26] + ptx -S no longer infloops for a pattern which returns zero-length matches. [the bug dates back to the initial implementation] diff --git a/src/md5sum.c b/src/md5sum.c index a7e2a9e71b..c800231785 100644 --- a/src/md5sum.c +++ b/src/md5sum.c @@ -430,7 +430,8 @@ split_3 (char *s, size_t s_len, #if HASH_ALGO_BLAKE2 /* Terminate and match algorithm name. */ char const *algo_name = &s[i - algo_name_len]; - while (! ISWHITE (s[i]) && s[i] != '-' && s[i] != '(') + /* Skip algorithm variants. */ + while (s[i] && ! ISWHITE (s[i]) && s[i] != '-' && s[i] != '(') ++i; bool length_specified = s[i] == '-'; bool openssl_format = s[i] == '('; /* and no length_specified */ diff --git a/tests/misc/b2sum.sh b/tests/misc/b2sum.sh index d16427c773..28fd95b50f 100755 --- a/tests/misc/b2sum.sh +++ b/tests/misc/b2sum.sh @@ -46,4 +46,9 @@ b2sum -l 128 check.vals > out || fail=1 printf '%s\n' '796485dd32fe9b754ea5fd6c721271d9 check.vals' > exp compare exp out || fail=1 +# This would segfault from coreutils-8.26 to coreutils-8.28 +printf '%s\n' 'BLAKE2' 'BLAKE2b' 'BLAKE2-' 'BLAKE2(' 'BLAKE2 (' > crash.check \ + || framework_failure_ +returns_ 1 b2sum -c crash.check || fail=1 + Exit $fail