Bug#168443: md5sum -c and unexpected inputs
> Dpkg's md5sum segfault if presented an invalid file with -c:
Also, it fails in strange and misleading ways if you give it a file in
a subtly different format from that expected. For instance:
rjk@rollercoaster:~/junk$ cat md5sums
cd7fd662dfd566d2e909b09a15047342 *exp.tar.gz
f3d0724b37006a9f714e419055fa885b *all-tag-versions
f409221a22823d5fd045855179fdb192 *build-info
end
rjk@rollercoaster:~/junk$ /usr/bin/md5sum -c <md5sums
/usr/bin/md5sum: can't open build-inf
The textutils md5sum, however, works fine with this input:
rjk@rollercoaster:~/junk$ /usr/bin/md5sum.textutils -c <md5sums
exp.tar.gz: OK
all-tag-versions: OK
build-info: OK
Anyway, the patch below works for me.
rjk@rollercoaster:~/junk$ ~/3rd/dpkg-1.9.21/build/utils/md5sum -c < md5sums
rjk@rollercoaster:~/junk$ echo $?
0
It also produces more graceful behaviour in the case reported by the
original submitter:
rjk@rollercoaster:~/junk$ ~/3rd/dpkg-1.9.21/build/utils/md5sum -c < /bin/ls
/home/rjk/3rd/dpkg-1.9.21/build/utils/md5sum: unterminated or too-long line
rjk@rollercoaster:~/junk$ echo $?
1
ttfn/rjk
--- utils/md5sum.c.orig Wed Jan 8 14:00:44 2003
+++ utils/md5sum.c Wed Jan 8 14:04:26 2003
@@ -206,6 +206,16 @@
if (fgets(buf, sizeof(buf), fp) == NULL)
return -1;
+ if (!strchr(buf, '\n')) {
+ fprintf(stderr, _("%s: unterminated or too-long line\n"),
+ progname);
+ exit(1);
+ }
+
+ /* must be at least a digest and a separator */
+ if (strlen(p) <= 32)
+ return 0;
+
memcpy(digest, p, 32);
p += 32;
if (*p++ != ' ')
Reply to: