diff options
| author | Pádraig Brady <P@draigBrady.com> | 2025-10-06 16:32:26 +0100 |
|---|---|---|
| committer | Pádraig Brady <P@draigBrady.com> | 2025-10-07 15:58:36 +0100 |
| commit | e661c7a52568710a3cedf8fbb3a683805f1caff2 (patch) | |
| tree | d6dacf82ca57ba84ccd539d9bd4445c99021a461 | |
| parent | cksum: fix --check with --algorithm=sha2 (diff) | |
| download | coreutils-e661c7a52568710a3cedf8fbb3a683805f1caff2.tar.gz coreutils-e661c7a52568710a3cedf8fbb3a683805f1caff2.zip | |
cksum: fix length validation with SHA2- tagged format
* src/digest.c (sha2_sum_stream): Change from unreachable()
to affirm() so that we have defined behavior unless
we configure with --disable-assert.
(sha3_sum_stream): Likewise.
(split_3): Validate SHA2-lengths before passing on.
* tests/cksum/cksum-c.sh: Add a test case.
* NEWS: Mention the bug fix.
| -rw-r--r-- | NEWS | 5 | ||||
| -rw-r--r-- | src/digest.c | 15 | ||||
| -rwxr-xr-x | tests/cksum/cksum-c.sh | 10 |
3 files changed, 21 insertions, 9 deletions
@@ -11,8 +11,9 @@ GNU coreutils NEWS -*- outline -*- for all length adjustable algorithms (blake2b, sha2, sha3). [bug introduced in coreutils-9.2] - 'cksum --check -a sha2' now supports tagged format. - '-a sha2' is not required with tagged format, but should be accepted. + 'cksum --check -a sha2' has better support for tagged format. Previously + an unneeded but explicit '-a sha2' did not match standard tags like SHA256. + Also non standard SHA2 tags with a bad length resulted in undefined behavior. [bug introduced in coreutils-9.8] 'rm -d DIR' no longer fails on Ceph snapshot directories. diff --git a/src/digest.c b/src/digest.c index 86119b5ab..45c13e33c 100644 --- a/src/digest.c +++ b/src/digest.c @@ -21,6 +21,7 @@ #include <getopt.h> #include <sys/types.h> +#include "assure.h" #include "system.h" #include "argmatch.h" #include "c-ctype.h" @@ -300,7 +301,7 @@ sha2_sum_stream (FILE *stream, void *resstream, uintmax_t *length) case SHA512_DIGEST_SIZE: return sha512_stream (stream, resstream); default: - unreachable (); + affirm (false); } } static int @@ -317,7 +318,7 @@ sha3_sum_stream (FILE *stream, void *resstream, uintmax_t *length) case SHA3_512_DIGEST_SIZE: return sha3_512_stream (stream, resstream); default: - unreachable (); + affirm (false); } } static int @@ -888,12 +889,12 @@ split_3 (char *s, size_t s_len, if (xstrtoumax (s + i, &siend, 0, &length, nullptr) != LONGINT_OK) return false; # if HASH_ALGO_CKSUM - else if (cksum_algorithm == sha3) + else if (cksum_algorithm == sha2 || cksum_algorithm == sha3) { - if (length != SHA3_224_DIGEST_SIZE * 8 - && length != SHA3_256_DIGEST_SIZE * 8 - && length != SHA3_384_DIGEST_SIZE * 8 - && length != SHA3_512_DIGEST_SIZE * 8) + if (length != SHA224_DIGEST_SIZE * 8 + && length != SHA256_DIGEST_SIZE * 8 + && length != SHA384_DIGEST_SIZE * 8 + && length != SHA512_DIGEST_SIZE * 8) return false; } # endif diff --git a/tests/cksum/cksum-c.sh b/tests/cksum/cksum-c.sh index 9e08bddeb..452f93368 100755 --- a/tests/cksum/cksum-c.sh +++ b/tests/cksum/cksum-c.sh @@ -36,6 +36,16 @@ for file in sha384-tag.sum sha2-tag.sum; do done done +# Ensure invalid length is handled appropriately +# coreutils-9.8 had undefined behavior with the following: +printf '%s\n' 'SHA2-128 (/dev/null) = 38b060a751ac96384cd9327eb1b1e36a' \ + > sha2-bad-length.sum || framework_failure_ +returns_ 1 cksum --check sha2-bad-length.sum 2>err || fail=1 +echo 'cksum: sha2-bad-length.sum: no properly formatted checksum lines found' \ + > experr || framework_failure_ +compare experr err || fail=1 + + # Ensure leading whitespace and \ ignored sed 's/^/ \\/' CHECKSUMS | cksum --strict -c || fail=1 |