bounds of the line first.
+Mon Mar 8 19:02:25 GMT 2004 Andrew Suffield <asuffield@debian.org>
+
+ * utils/md5sum.c: Check the bounds of the line before processing.
+
Mon Mar 8 18:55:13 GMT 2004 Brian M. Carlson <sandals@crustytoothpaste.ath.cx>
* utils/md5sum.c: Don't print offending lines as they may not be NULL
Adam Heath <doogie@debian.org>
Alberto Garcia <berto@gpul.org>
Andrew Hobson <ahobson@eng.mindspring.net>
+Andrew Suffield <asuffield@debian.org>
Ben Collins <bcollins@debian.org>
Branko Lankester
Brian M. Carlson <sandals@crustytoothpaste.ath.cx>
* Update support for Debian FreeBSD. Closes: #211566.
* Store Architecture in the status file. Closes: #228253.
* Don't print offending lines in md5sum. Closes: #170953.
+ * Check bounds of md5sum lines. Closes: #168443, #199489, #199693.
-- Scott James Remnant <scott@netsplit.com> UNRELEASED
if (fgets(buf, sizeof(buf), fp) == NULL)
return -1;
+ /* A line must have: a digest (32), a separator (2), and a
+ * filename (at least 1)
+ *
+ * That means it must be at least 35 characters long.
+ */
+ if (strlen(buf) < 35)
+ return 0;
+
memcpy(digest, p, 32);
p += 32;
if (*p++ != ' ')
i = strlen(p);
if (i < 2 || i > 255)
return 0;
- p[i-1] = '\0';
+
+ /* Strip the trailing newline, if present */
+ if (p[i-1] == '\n')
+ p[i-1] = '\0';
+
strcpy(file, p);
return rc;
}
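Review bot: The length checks still count the newline that fgets() leaves in buf, but the new conditional strip makes that newline optional, so the bounds no longer describe the filename. With no trailing newline, `if (i < 2 || i > 255)` rejects a valid one-character filename and accepts a 255-character one, so `strcpy(file, p)` can write 256 bytes where the old unconditional strip wrote at most 255; the size of `file` is not visible in the hunk and should be confirmed at the caller. In the same way `strlen(buf) < 35` is satisfied by a digest, a separator and a bare newline, which contradicts the comment above it. Stripping first with `buf[strcspn(buf, "\n")] = '\0';` right after the fgets() check, then testing `if (i < 1 || i > 254)`, would apply both bounds to the filename itself and keep the old maximum copy size. The function begins outside the hunk and the lines between the separator test and `i = strlen(p)` are not shown.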