[prev in list] [next in list] [prev in thread] [next in thread] 

List:       coreutils-bug
Subject:    bug#26263: sha256sum does not correctly parse file with PGP message header (coreutils 8.26)
From:       Pádraig Brady <P () draigBrady ! com>
Date:       2017-03-27 0:13:56
Message-ID: 445c0f61-0cbb-a08e-7335-3e2dc1088a5e () draigBrady ! com
[Download RAW message or body]

On 26/03/17 03:09, Toby Kelsey wrote:
> I notice sha256sum does not correctly parse a file with a PGP header. Here is a script log:

> toby@toby-pc:/tmp/test$ sha256sum -c hashes.txt
> 
> sha256sum: ' monero-win-x64-v0.10.3.0.zip': No such file or directory
>   monero-win-x64-v0.10.3.0.zip: FAILED open or read

> There is a spurious extra space at the start of filenames in the larger file.
> If I just extract the hash lines it works:

> The hash file is from <https://getmonero.org/downloads/hashes.txt>

The attached should fix this issue.

thanks,
Pádraig


["md5sum-bad-bsd-r.patch" (text/x-patch)]

From 1a1029ea037d70d13eef05d29d17980fac729e2a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pádraig Brady?= <P@draigBrady.com>
Date: Sun, 26 Mar 2017 17:04:36 -0700
Subject: [PATCH] md5sum,b2sum,sha*sum: don't erroneously trigger BSD reversed
 mode

* src/md5sum.c (split_3): Verify hex digits internally before
triggering the global bsd_reversed mode flag.
(bsd_split_3): Likewise.
* tests/misc/md5sum-bsd.sh: Add a test case.
* NEWS: Mention the bug fix.
Fixes http://bugs.gnu.org/26263
---
 NEWS                     |  4 ++++
 src/md5sum.c             | 39 +++++++++++++++++++++------------------
 tests/misc/md5sum-bsd.sh |  7 +++++++
 3 files changed, 32 insertions(+), 18 deletions(-)

diff --git a/NEWS b/NEWS
index e8d6d34..4604318 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,10 @@ GNU coreutils NEWS                                    -*- outline -*-
   split no longer exits when invocations of a --filter return EPIPE.
   [bug introduced in coreutils-8.26]

+  md5sum --check no longer incorrectly enables BSD reversed format mode when
+  ignoring some non checksum lines.  This also affects sha*sum and b2sum.
+  [bug introduced in coreutils-8.14]
+

 * Noteworthy changes in release 8.27 (2017-03-08) [stable]

diff --git a/src/md5sum.c b/src/md5sum.c
index e58a68e..91cdfb2 100644
--- a/src/md5sum.c
+++ b/src/md5sum.c
@@ -346,6 +346,21 @@ filename_unescape (char *s, size_t s_len)
   return s;
 }

+/* Return true if S is a NUL-terminated string of DIGEST_HEX_BYTES hex digits.
+   Otherwise, return false.  */
+static bool _GL_ATTRIBUTE_PURE
+hex_digits (unsigned char const *s)
+{
+  unsigned int i;
+  for (i = 0; i < digest_hex_bytes; i++)
+    {
+      if (!isxdigit (*s))
+        return false;
+      ++s;
+    }
+  return *s == '\0';
+}
+
 /* Split the checksum string S (of length S_LEN) from a BSD 'md5' or
    'sha1' command into two parts: a hexadecimal digest, and the file
    name.  S is modified.  Return true if successful.  */
@@ -386,7 +401,8 @@ bsd_split_3 (char *s, size_t s_len, unsigned char **hex_digest,
     i++;

   *hex_digest = (unsigned char *) &s[i];
-  return true;
+
+  return hex_digits (*hex_digest);
 }

 /* Split the string S (of length S_LEN) into three parts:
@@ -492,6 +508,9 @@ split_3 (char *s, size_t s_len,

   s[i++] = '\0';

+  if (! hex_digits (*hex_digest))
+    return false;
+
   /* If "bsd reversed" format detected.  */
   if ((s_len - i == 1) || (s[i] != ' ' && s[i] != '*'))
     {
@@ -521,21 +540,6 @@ split_3 (char *s, size_t s_len,
   return true;
 }

-/* Return true if S is a NUL-terminated string of DIGEST_HEX_BYTES hex digits.
-   Otherwise, return false.  */
-static bool _GL_ATTRIBUTE_PURE
-hex_digits (unsigned char const *s)
-{
-  unsigned int i;
-  for (i = 0; i < digest_hex_bytes; i++)
-    {
-      if (!isxdigit (*s))
-        return false;
-      ++s;
-    }
-  return *s == '\0';
-}
-
 /* If ESCAPE is true, then translate each NEWLINE byte to the string, "\\n",
    and each backslash to "\\\\".  */
 static void
@@ -702,8 +706,7 @@ digest_check (const char *checkfile_name)
         line[--line_length] = '\0';

       if (! (split_3 (line, line_length, &hex_digest, &binary, &filename)
-             && ! (is_stdin && STREQ (filename, "-"))
-             && hex_digits (hex_digest)))
+             && ! (is_stdin && STREQ (filename, "-"))))
         {
           ++n_misformatted_lines;

diff --git a/tests/misc/md5sum-bsd.sh b/tests/misc/md5sum-bsd.sh
index e2ad8db..dfd2cef 100755
--- a/tests/misc/md5sum-bsd.sh
+++ b/tests/misc/md5sum-bsd.sh
@@ -36,6 +36,13 @@ sed 's/  / /' check.md5sum > check.md5
 md5sum --strict -c check.md5sum || fail=1
 md5sum --strict -c check.md5 || fail=1

+# Ensure we don't trigger BSD reversed format with GPG headers etc.
+echo '____not_all_hex_so_no_match_____ blah' > check2.md5sum
+cat check.md5sum >> check2.md5sum
+md5sum -c check2.md5sum 2>check2.err || fail=1
+echo 'md5sum: WARNING: 1 line is improperly formatted' >check2.exp
+compare check2.exp check2.err || fail=1
+
 # If we skip the first entry in the BSD format checksums
 # then it'll be detected as standard format and error.
 # This unlikely caveat was thought better than mandating
--
2.9.3



[prev in list] [next in list] [prev in thread] [next in thread]