author | Mattias Andrée <maandree@kth.se> | 2017-11-15 22:35:36 +0100 |
---|---|---|
committer | Mattias Andrée <maandree@kth.se> | 2017-11-15 22:35:36 +0100 |
commit | f5556fec326d5ec149f676dbdfe3d408d3a8902e (patch) | |
tree | 98792fbd940ae1b92ec7b759da987aeebc664823 | |
parent | Fix buffer overflow (diff) | |
download | sha3sum-1.1.3.tar.gz sha3sum-1.1.3.tar.bz2 sha3sum-1.1.3.tar.xz |
Validate input given with -x is specified1.1.3
Signed-off-by: Mattias Andrée <maandree@kth.se>
-rw-r--r-- | common.c | 15 |
1 files changed, 10 insertions, 5 deletions
@@ -169,16 +169,21 @@ generalised_sum_fd_hex(int fd, libkeccak_state_t *restrict state,
 r = w = 0;
 while (r < (size_t)got) {
 c = chunk[r++];
- if (c <= ' ')
- continue;
- buf = (buf << 4) | ((c & 15) + (c > '9' ? 9 : 0));
- if ((even ^= 1))
- chunk[w++] = buf;
+ if (isxdigit(c)) {
+ buf = (buf << 4) | ((c & 15) + (c > '9' ? 9 : 0));
+ if ((even ^= 1))
+ chunk[w++] = buf;
+ } else if (!isspace(c)) {
+ user_error("file is malformated");
+ }
 }
 if (libkeccak_fast_update(state, chunk, w) < 0)
 return -1;
 }
+ if (!even)
+ user_error("file is malformated");
+
 return libkeccak_fast_digest(state, NULL, 0, 0, suffix, hash);
 }
|
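Review bot: The added `isxdigit(c)` and `isspace(c)` calls receive bytes taken straight from the input file, and if `c` is a plain `char` (its declaration is outside the hunk) any byte of 0x80 or above becomes a negative argument, which is undefined behaviour for the <ctype.h> functions and can index outside the classification table on some C libraries. Cast at both call sites, `if (isxdigit((unsigned char)c)) {` and `} else if (!isspace((unsigned char)c)) {`, so that non-ASCII input reliably reaches the `user_error` branch. The ten added lines contain no `#include <ctype.h>`, so it is worth confirming that common.c already pulls the header in rather than relying on an implicit declaration. generalised_sum_fd_hex begins above the hunk, so the initial value of `even` that the final `if (!even)` check depends on is not visible here.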