Validate input given with -x is specified1.1.3

Signed-off-by: Mattias Andrée <maandree@kth.se>
author: Mattias Andrée <maandree@kth.se> 2017-11-15 22:35:36 +0100
committer: Mattias Andrée <maandree@kth.se> 2017-11-15 22:35:36 +0100
commit: f5556fec326d5ec149f676dbdfe3d408d3a8902e (patch)
tree: 98792fbd940ae1b92ec7b759da987aeebc664823
parent: Fix buffer overflow (diff)
download: sha3sum-1.1.3.tar.gz
sha3sum-1.1.3.tar.bz2
sha3sum-1.1.3.tar.xz
1 files changed, 10 insertions, 5 deletions
diff --git a/common.c b/common.c
index 4fc2cce..8930d08 100644
--- a/common.c
+++ b/common.c
@@ -169,16 +169,21 @@ generalised_sum_fd_hex(int fd, libkeccak_state_t *restrict state,
 		r = w = 0;
 		while (r < (size_t)got) {
 			c = chunk[r++];
-			if (c <= ' ')
-				continue;
-			buf = (buf << 4) | ((c & 15) + (c > '9' ? 9 : 0));
-			if ((even ^= 1))
-				chunk[w++] = buf;
+			if (isxdigit(c)) {
+				buf = (buf << 4) | ((c & 15) + (c > '9' ? 9 : 0));
+				if ((even ^= 1))
+					chunk[w++] = buf;
+			} else if (!isspace(c)) {
+				user_error("file is malformated");
+			}
 		}
 		if (libkeccak_fast_update(state, chunk, w) < 0)
 			return -1;
 	}
 
+	if (!even)
+		user_error("file is malformated");
+
 	return libkeccak_fast_digest(state, NULL, 0, 0, suffix, hash);
 }
author	Mattias Andrée <maandree@kth.se>	2017-11-15 22:35:36 +0100
committer	Mattias Andrée <maandree@kth.se>	2017-11-15 22:35:36 +0100
commit	f5556fec326d5ec149f676dbdfe3d408d3a8902e (patch)
tree	98792fbd940ae1b92ec7b759da987aeebc664823
parent	Fix buffer overflow (diff)
download	sha3sum-1.1.3.tar.gz sha3sum-1.1.3.tar.bz2 sha3sum-1.1.3.tar.xz