diff --git a/NEWS b/NEWS index 3e2280777..3c134db52 100644 --- a/NEWS +++ b/NEWS @@ -8,6 +8,10 @@ GNU coreutils NEWS -*- outline -*- fail on files with inode numbers that do not fit into 32 bits. [This bug was present in "the beginning".] + 'b2sum --check' will no longer read unallocated memory when + presented with malformed checksum lines. + [bug introduced in coreutils-9.2] + 'cp --parents' again succeeds when preserving mode for absolute directories. Previously it would have failed with a "No such file or directory" error. [bug introduced in coreutils-9.1] diff --git a/THANKS.in b/THANKS.in index 8d903268e..6079029a9 100644 --- a/THANKS.in +++ b/THANKS.in @@ -211,6 +211,7 @@ Francesco Montorsi fr_m@hotmail.com François Pinard pinard@iro.umontreal.ca François Rigault rigault.francois@gmail.com Frank Adler fadler@allesklar.de +Frank Busse f.busse@imperial.ac.uk Frank T Lofaro ftlofaro@snooks.Egr.UNLV.EDU Fred Fish fnf@ninemoons.com Frédéric L. W. Meunier 0@pervalidus.net diff --git a/src/digest.c b/src/digest.c index ab32968db..851c7d118 100644 --- a/src/digest.c +++ b/src/digest.c @@ -862,6 +862,10 @@ split_3 (char *s, size_t s_len, while (s[i] && !ISWHITE (s[i])) i++; + /* The digest must be followed by at least one whitespace character. */ + if (i == s_len) + return false; + *d_len = &s[i] - (char *) *digest; s[i++] = '\0'; diff --git a/tests/cksum/b2sum.sh b/tests/cksum/b2sum.sh index 6a2d13024..7013b4972 100755 --- a/tests/cksum/b2sum.sh +++ b/tests/cksum/b2sum.sh @@ -61,6 +61,11 @@ printf '%s\n' 'BLAKE2' 'BLAKE2b' 'BLAKE2-' 'BLAKE2(' 'BLAKE2 (' > crash.check \ || framework_failure_ returns_ 1 $prog -c crash.check || fail=1 +# This would read unallocated memory from coreutils-9.2 to coreutils-9.3 +# which would trigger with ASAN or valgrind +printf '0A0BA0' > overflow.check || framework_failure_ +returns_ 1 $prog -c overflow.check || fail=1 + done Exit $fail
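Review bot: The new guard in split_3, `if (i == s_len) return false;`, enforces less than its comment states, because the preceding loop also stops at a NUL byte that sits before s_len; in that case the digest is not followed by whitespace, yet parsing continues. Testing the character itself, `if (!ISWHITE (s[i])) return false;`, rejects both the end-of-line case and an embedded NUL, and it no longer relies on s_len coinciding with the terminator. Whether an embedded NUL causes harm further down is not visible here, since split_3 starts and ends outside the hunk. Checksum lines given to --check are external input, so the stricter test is the safer default.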