From e661c7a52568710a3cedf8fbb3a683805f1caff2 Mon Sep 17 00:00:00 2001
From: =?utf8?q?P=C3=A1draig=20Brady?=
Date: Mon, 6 Oct 2025 16:32:26 +0100
Subject: [PATCH] cksum: fix length validation with SHA2- tagged format
* src/digest.c (sha2_sum_stream): Change from unreachable()
to affirm() so that we have defined behavior unless
we configure with --disable-assert.
(sha3_sum_stream): Likewise.
(split_3): Validate SHA2-lengths before passing on.
* tests/cksum/cksum-c.sh: Add a test case.
* NEWS: Mention the bug fix.
---
NEWS | 5 +++--
src/digest.c | 15 ++++++++-------
tests/cksum/cksum-c.sh | 10 ++++++++++
3 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/NEWS b/NEWS
index e1c161d96c..b49c2ea80f 100644
--- a/NEWS
+++ b/NEWS
@@ -11,8 +11,9 @@ GNU coreutils NEWS -*- outline -*-
for all length adjustable algorithms (blake2b, sha2, sha3).
[bug introduced in coreutils-9.2]
- 'cksum --check -a sha2' now supports tagged format.
- '-a sha2' is not required with tagged format, but should be accepted.
+ 'cksum --check -a sha2' has better support for tagged format. Previously
+ an unneeded but explicit '-a sha2' did not match standard tags like SHA256.
+ Also non standard SHA2 tags with a bad length resulted in undefined behavior.
[bug introduced in coreutils-9.8]
'rm -d DIR' no longer fails on Ceph snapshot directories.
diff --git a/src/digest.c b/src/digest.c
index 86119b5ab3..45c13e33c6 100644
--- a/src/digest.c
+++ b/src/digest.c
@@ -21,6 +21,7 @@
#include
#include
+#include "assure.h"
#include "system.h"
#include "argmatch.h"
#include "c-ctype.h"
@@ -300,7 +301,7 @@ sha2_sum_stream (FILE *stream, void *resstream, uintmax_t *length)
case SHA512_DIGEST_SIZE:
return sha512_stream (stream, resstream);
default:
- unreachable ();
+ affirm (false);
}
}
static int
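Review bot: The `default:` branch of sha2_sum_stream now carries the whole safety argument for an unexpected digest length, yet nothing in the code says so; the same applies to the identical change in sha3_sum_stream in the next hunk. As the commit message states, `affirm (false)` only gives defined behavior (an abort) in the default build, and with --disable-assert it is an assumption again, so a length that reaches this point unvalidated is still undefined behavior there. I would add a comment above it such as `/* Callers must validate the length; this aborts unless built with --disable-assert. */`. Both functions start outside their hunks, so the switch expression itself is not visible here.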
@@ -317,7 +318,7 @@ sha3_sum_stream (FILE *stream, void *resstream, uintmax_t *length)
case SHA3_512_DIGEST_SIZE:
return sha3_512_stream (stream, resstream);
default:
- unreachable ();
+ affirm (false);
}
}
static int
@@ -888,12 +889,12 @@ split_3 (char *s, size_t s_len,
if (xstrtoumax (s + i, &siend, 0, &length, nullptr) != LONGINT_OK)
return false;
# if HASH_ALGO_CKSUM
- else if (cksum_algorithm == sha3)
+ else if (cksum_algorithm == sha2 || cksum_algorithm == sha3)
{
- if (length != SHA3_224_DIGEST_SIZE * 8
- && length != SHA3_256_DIGEST_SIZE * 8
- && length != SHA3_384_DIGEST_SIZE * 8
- && length != SHA3_512_DIGEST_SIZE * 8)
+ if (length != SHA224_DIGEST_SIZE * 8
+ && length != SHA256_DIGEST_SIZE * 8
+ && length != SHA384_DIGEST_SIZE * 8
+ && length != SHA512_DIGEST_SIZE * 8)
return false;
}
# endif
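Review bot: The merged branch in split_3 now checks sha3 lengths against the SHA2 constants (`SHA224_DIGEST_SIZE * 8` through `SHA512_DIGEST_SIZE * 8`), which is only correct while both families share the same four digest sizes. That equivalence is silent in the code. A comment above the `if`, for example `/* SHA2 and SHA3 accept the same lengths: 224, 256, 384 and 512 bits. */`, would stop a later reader from "correcting" it, and `static_assert (SHA224_DIGEST_SIZE == SHA3_224_DIGEST_SIZE);` (likewise for the other three sizes) would enforce it at build time. This check is what keeps a tag length read from a checksum file away from the `affirm (false)` in the stream functions, so the assumption deserves to be explicit. split_3 begins before and continues after the hunk.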
diff --git a/tests/cksum/cksum-c.sh b/tests/cksum/cksum-c.sh
index 9e08bddeb0..452f93368d 100755
--- a/tests/cksum/cksum-c.sh
+++ b/tests/cksum/cksum-c.sh
@@ -36,6 +36,16 @@ for file in sha384-tag.sum sha2-tag.sum; do
done
done
+# Ensure invalid length is handled appropriately
+# coreutils-9.8 had undefined behavior with the following:
+printf '%s\n' 'SHA2-128 (/dev/null) = 38b060a751ac96384cd9327eb1b1e36a' \
+ > sha2-bad-length.sum || framework_failure_
+returns_ 1 cksum --check sha2-bad-length.sum 2>err || fail=1
+echo 'cksum: sha2-bad-length.sum: no properly formatted checksum lines found' \
+ > experr || framework_failure_
+compare experr err || fail=1
+
+
# Ensure leading whitespace and \ ignored
sed 's/^/ \\/' CHECKSUMS | cksum --strict -c || fail=1
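Review bot: The new case only exercises the auto-detected path, since it runs `cksum --check` without `-a`, while the fixed condition in split_3 depends on `cksum_algorithm` and NEWS names the explicit `-a sha2` form as the one that was broken. Repeating the check with the algorithm given, `returns_ 1 cksum --check -a sha2 sha2-bad-length.sum 2>err || fail=1`, followed by the same `compare experr err`, would cover that path as well. I am assuming the diagnostic is identical there; confirm before reusing `experr`. A bad-length line for the sha3 family, which now shares the validation branch, is not tested here either.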
--
2.47.3