From f8b2654d129ac7290a85fd4eb129d0fc140a5325 Mon Sep 17 00:00:00 2001 From: Scott James Remnant Date: Mon, 8 Mar 2004 19:03:40 +0000 Subject: [PATCH] Apply patch from asuffield to fix various md5sum bugs by checking the bounds of the line first. --- ChangeLog | 4 ++++ THANKS | 1 + debian/changelog | 1 + utils/md5sum.c | 14 +++++++++++++- 4 files changed, 19 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 9f9a6981..95f49e88 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +Mon Mar 8 19:02:25 GMT 2004 Andrew Suffield + + * utils/md5sum.c: Check the bounds of the line before processing. + Mon Mar 8 18:55:13 GMT 2004 Brian M. Carlson * utils/md5sum.c: Don't print offending lines as they may not be NULL diff --git a/THANKS b/THANKS index fa003868..d2565b84 100644 --- a/THANKS +++ b/THANKS @@ -1,6 +1,7 @@ Adam Heath Alberto Garcia Andrew Hobson +Andrew Suffield Ben Collins Branko Lankester Brian M. Carlson diff --git a/debian/changelog b/debian/changelog index 9831b7c9..d684abca 100644 --- a/debian/changelog +++ b/debian/changelog @@ -11,6 +11,7 @@ dpkg (1.10.19) unstable; urgency=low * Update support for Debian FreeBSD. Closes: #211566. * Store Architecture in the status file. Closes: #228253. * Don't print offending lines in md5sum. Closes: #170953. + * Check bounds of md5sum lines. Closes: #168443, #199489, #199693. -- Scott James Remnant UNRELEASED diff --git a/utils/md5sum.c b/utils/md5sum.c index dc55a98a..f84634ca 100644 --- a/utils/md5sum.c +++ b/utils/md5sum.c @@ -223,6 +223,14 @@ get_md5_line(FILE *fp, unsigned char *digest, char *file) if (fgets(buf, sizeof(buf), fp) == NULL) return -1; + /* A line must have: a digest (32), a separator (2), and a + * filename (at least 1) + * + * That means it must be at least 35 characters long. + */ + if (strlen(buf) < 35) + return 0; + memcpy(digest, p, 32); p += 32; if (*p++ != ' ') @@ -246,7 +254,11 @@ get_md5_line(FILE *fp, unsigned char *digest, char *file) i = strlen(p); if (i < 2 || i > 255) return 0; - p[i-1] = '\0'; + + /* Strip the trailing newline, if present */ + if (p[i-1] == '\n') + p[i-1] = '\0'; + strcpy(file, p); return rc; } -- 2.39.5