md5 buffer underflow

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

md5 buffer underflow

From:	Cristian Cadar
Subject:	md5 buffer underflow
Date:	Mon, 14 Apr 2008 19:41:32 -0700

  Hello Jim,
  
  Thanks again for the prompt confirmation of our previous bug reports.
We found a new bug in md5sum, due to a buffer underflow.  Here is an
example that seg faults on my machine:

  $ md5sum -c -- md5sum_bug.txt 
  Segmentation fault

  The file md5sum_bug.txt is attached to this message.

  The bug (or at least the proximate cause) seems to be in function
bsd_split_3 (md5sum.c:213):
          i = s_len - 1;
          while (i && s[i] != ')')
              i--;

  which when called with s_len=0, "underflows" string s.

  Thanks,
  Cristian

md5sum_bug.txt
Description: Text document

[Prev in Thread]

Current Thread

[Next in Thread]

md5 buffer underflow, Cristian Cadar <=
- Re: md5 buffer underflow, Jim Meyering, 2008/04/15

Prev by Date: Re: ls/stat-free-symlinks fails when host doesnt support stat() syscall
Next by Date: Re: md5 buffer underflow
Previous by thread: ls/stat-free-symlinks fails when host doesnt support stat() syscall
Next by thread: Re: md5 buffer underflow
Index(es):
- Date
- Thread