tag 199489 + patch tag 199694 + patch merge 168443 170953 199489 199694 thanks These are really all the same bug, which is that get_md5_line() doesn't bother to check the bounds of the current line. Here's the fix: --- orig/utils/md5sum.c +++ mod/utils/md5sum.c @@ -223,6 +223,14 @@ if (fgets(buf, sizeof(buf), fp) == NULL) return -1; + /* A line must have: a digest (32), a separator (2), and a + * filename (at least 1) + * + * That means it must be at least 35 characters long. + */ + if (strlen(buf) < 35) + return 0; + memcpy(digest, p, 32); p += 32; if (*p++ != ' ') @@ -243,7 +251,11 @@ i = strlen(p); if (i < 2 || i > 255) return 0; - p[i-1] = '\0'; + + /* Strip the trailing newline, if present */ + if (p[i-1] == '\n') + p[i-1] = '\0'; + strcpy(file, p); return rc; } -- .''`. ** Debian GNU/Linux ** | Andrew Suffield : :' : http://www.debian.org/ | `. `' | `- -><- |
Attachment:
signature.asc
Description: Digital signature