diff -urNp coreutils-6.10-orig/src/md5sum.c coreutils-6.10/src/md5sum.c
--- coreutils-6.10-orig/src/md5sum.c 2007-11-25 14:23:31.000000000 +0100
+++ coreutils-6.10/src/md5sum.c 2008-04-15 21:04:09.000000000 +0200
@@ -205,6 +205,9 @@ bsd_split_3 (char *s, size_t s_len, unsi
{
size_t i;
+ if (s_len ==0)
+ return false;
+
*file_name = s;
/* Find end of filename. The BSD 'md5' and 'sha1' commands do not escape
diff -urNp coreutils-6.10-orig/src/md5sum.c coreutils-6.10/src/md5sum.c
--- coreutils-6.10-orig/src/md5sum.c 2008-05-13 15:09:09.000000000 +0200
+++ coreutils-6.10/src/md5sum.c 2008-05-13 15:10:59.000000000 +0200
@@ -343,16 +343,19 @@ split_3 (char *s, size_t s_len,
return true;
}
+/* Return true if S is a NUL-terminated string of DIGEST_HEX_BYTES hex digits.
+ Otherwise, return false. */
static bool
hex_digits (unsigned char const *s)
{
- while (*s)
+ unsigned int i;
+ for (i = 0; i < digest_hex_bytes; i++)
{
if (!isxdigit (*s))
return false;
++s;
}
- return true;
+ return *s == '\0';
}
/* An interface to the function, DIGEST_STREAM.
diff -urNp coreutils-6.10-orig/tests/misc/sha1sum coreutils-6.10/tests/misc/sha1sum
--- coreutils-6.10-orig/tests/misc/sha1sum 2007-12-13 00:14:28.000000000 +0100
+++ coreutils-6.10/tests/misc/sha1sum 2008-04-15 21:05:43.000000000 +0200
@@ -29,7 +29,7 @@ exec $PERL -w -I$srcdir/.. -MCoreutils -M"CuTmpdir qw($me)" -- - <<\EOF
require 5.003;
use strict;
-(my $program_name = $0) =~ s|.*/||;
+my $prog = 'sha1sum';
# Turn off localisation of executable's ouput.
@ENV{qw(LANGUAGE LANG LC_ALL)} = ('C') x 3;
@@ -72,6 +72,8 @@ my @Tests =
['check-bsd3', '--check', '--status',
{IN=> {'f.sha1' => "SHA1 (f) = $sha_degenerate\n"}},
{AUX=> {f=> 'bar'}}, {EXIT=> 1}],
+ ['bsd-segv', '--check', {IN=> {'z' => "SHA1 ("}}, {EXIT=> 1},
+ {ERR=> "$prog: z: no properly formatted SHA1 checksum lines found\n"}],
);
# Insert the `--text' argument for each test.
@@ -86,7 +88,6 @@ foreach $t (@Tests)
my $save_temps = $ENV{DEBUG};
my $verbose = $ENV{VERBOSE};
-my $prog = 'sha1sum';
-my $fail = run_tests ($program_name, $prog, \@Tests, $save_temps, $verbose);
+my $fail = run_tests ($prog, $prog, \@Tests, $save_temps, $verbose);
exit $fail;
EOF
diff -urNp coreutils-6.10-orig/tests/misc/md5sum coreutils-6.10/tests/misc/md5sum
--- coreutils-6.10-orig/tests/misc/md5sum 2007-12-13 00:14:28.000000000 +0100
+++ coreutils-6.10/tests/misc/md5sum 2008-05-13 15:15:48.000000000 +0200
@@ -70,6 +70,15 @@ my @Tests =
['check-bsd3', '--check', '--status',
{IN=> {'f.md5' => "MD5 (f) = $degenerate\n"}},
{AUX=> {f=> 'bar'}}, {EXIT=> 1}],
+ ['bsd-segv', '--check', {IN=> {'z' => "MD5 ("}}, {EXIT=> 1},
+ {ERR=> "md5sum: z: no properly formatted MD5 checksum lines found\n"}],
+ # Ensure that when there's a NUL byte among the checksum hex digits
+ # we detect the invalid formatting and don't even open the file.
+ # Up to coreutils-6.10, this would report:
+ # h: FAILED
+ # md5sum: WARNING: 1 of 1 computed checksum did NOT match
+ ['nul-in-cksum', '--check', {IN=> {'h'=>("\0"x32)." h\n"}}, {EXIT=> 1},
+ {ERR=> "md5sum: h: no properly formatted MD5 checksum lines found\n"}],
);
# Insert the `--text' argument for each test.