[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
md5 buffer underflow
From: |
Cristian Cadar |
Subject: |
md5 buffer underflow |
Date: |
Mon, 14 Apr 2008 19:41:32 -0700 |
Hello Jim,
Thanks again for the prompt confirmation of our previous bug reports.
We found a new bug in md5sum, due to a buffer underflow. Here is an
example that seg faults on my machine:
$ md5sum -c -- md5sum_bug.txt
Segmentation fault
The file md5sum_bug.txt is attached to this message.
The bug (or at least the proximate cause) seems to be in function
bsd_split_3 (md5sum.c:213):
i = s_len - 1;
while (i && s[i] != ')')
i--;
which when called with s_len=0, "underflows" string s.
Thanks,
Cristian
md5sum_bug.txt
Description: Text document
- md5 buffer underflow,
Cristian Cadar <=