-/* Compute MD5, SHA1, SHA224, SHA256, SHA384 or SHA512 checksum of files or strings
- Copyright (C) 1995-2010 Free Software Foundation, Inc.
+/* Compute checksums of files or strings.
+ Copyright (C) 1995-2013 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
# include "sha512.h"
#endif
#include "error.h"
+#include "fadvise.h"
#include "stdio--.h"
#include "xfreopen.h"
-/* The official name of this program (e.g., no `g' prefix). */
+/* The official name of this program (e.g., no 'g' prefix). */
#if HASH_ALGO_MD5
# define PROGRAM_NAME "md5sum"
# define DIGEST_TYPE_STRING "MD5"
not include any newline character at the end of a line. */
#define MIN_DIGEST_LINE_LENGTH \
(DIGEST_HEX_BYTES /* length of hexadecimal message digest */ \
- + 2 /* blank and binary indicator */ \
+ + 1 /* blank */ \
+ 1 /* minimum filename length */ )
/* True if any of the files read were the standard input. */
/* With --check, suppress the "OK" printed for each verified file. */
static bool quiet = false;
+/* With --check, exit with a non-zero return code if any line is
+ improperly formatted. */
+static bool strict = false;
+
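+/* Whether a BSD reversed format checksum is detected:
+ -1 if no checksum line has settled the format yet, 0 if the standard
+ format was detected, 1 if the BSD reversed format was detected. */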
+static int bsd_reversed = -1;
+
/* For long options that have no equivalent short option, use a
non-character as a pseudo short option, starting with CHAR_MAX + 1. */
enum
{
STATUS_OPTION = CHAR_MAX + 1,
- QUIET_OPTION
+ QUIET_OPTION,
+ STRICT_OPTION, /* pseudo short option for the long option --strict */
+ TAG_OPTION /* pseudo short option for the long option --tag */
};
static struct option const long_options[] =
{ "status", no_argument, NULL, STATUS_OPTION },
{ "text", no_argument, NULL, 't' },
{ "warn", no_argument, NULL, 'w' },
+ { "strict", no_argument, NULL, STRICT_OPTION },
+ { "tag", no_argument, NULL, TAG_OPTION },
{ GETOPT_HELP_OPTION_DECL },
{ GETOPT_VERSION_OPTION_DECL },
{ NULL, 0, NULL, 0 }
usage (int status)
{
if (status != EXIT_SUCCESS)
- fprintf (stderr, _("Try `%s --help' for more information.\n"),
- program_name);
+ emit_try_help ();
else
{
printf (_("\
DIGEST_BITS);
if (O_BINARY)
fputs (_("\
- -b, --binary read in binary mode (default unless reading tty stdin)\n\
+ -b, --binary read in binary mode (default unless reading tty stdin)\n\
"), stdout);
else
fputs (_("\
- -b, --binary read in binary mode\n\
+ -b, --binary read in binary mode\n\
"), stdout);
printf (_("\
- -c, --check read %s sums from the FILEs and check them\n"),
+ -c, --check read %s sums from the FILEs and check them\n"),
DIGEST_TYPE_STRING);
+ fputs (_("\
+ --tag create a BSD-style checksum\n\
+"), stdout);
if (O_BINARY)
fputs (_("\
- -t, --text read in text mode (default if reading tty stdin)\n\
+ -t, --text read in text mode (default if reading tty stdin)\n\
"), stdout);
else
fputs (_("\
- -t, --text read in text mode (default)\n\
+ -t, --text read in text mode (default)\n\
"), stdout);
fputs (_("\
\n\
The following three options are useful only when verifying checksums:\n\
- --quiet don't print OK for each successfully verified file\n\
- --status don't output anything, status code shows success\n\
- -w, --warn warn about improperly formatted checksum lines\n\
+ --quiet don't print OK for each successfully verified file\n\
+ --status don't output anything, status code shows success\n\
+ -w, --warn warn about improperly formatted checksum lines\n\
\n\
"), stdout);
+ fputs (_("\
+ --strict with --check, exit non-zero for any invalid input\n\
+"), stdout);
fputs (HELP_OPTION_DESCRIPTION, stdout);
fputs (VERSION_OPTION_DESCRIPTION, stdout);
printf (_("\
\n\
The sums are computed as described in %s. When checking, the input\n\
should be a former output of this program. The default mode is to print\n\
-a line with checksum, a character indicating type (`*' for binary, ` ' for\n\
-text), and name for each FILE.\n"),
+a line with checksum, a character indicating input mode ('*' for binary,\n\
+space for text), and name for each FILE.\n"),
DIGEST_REFERENCE);
emit_ancillary_info ();
}
#define ISWHITE(c) ((c) == ' ' || (c) == '\t')
+/* Given a file name, S of length S_LEN, that is not NUL-terminated,
+ modify it in place, performing the equivalent of this sed substitution:
+ 's/\\n/\n/g;s/\\\\/\\/g' i.e., replacing each "\\n" string with a newline
+ and each "\\\\" with a single backslash, NUL-terminate it and return S.
+ If S is not a valid escaped file name, i.e., if it ends with an odd number
+ of backslashes or if it contains a backslash followed by anything other
+ than "n" or another backslash, return NULL.
+
+ A NUL byte among the first S_LEN bytes of S also makes the name invalid.
+
+ The terminating NUL is stored only when unescaping made the name
+ shorter than S_LEN. Otherwise no byte at or beyond S[S_LEN] is written
+ here, and terminating the name is left to the caller.
+
+ When NULL is returned, bytes of S before the offending position may
+ already have been overwritten with their unescaped form. */
+
+static char *
+filename_unescape (char *s, size_t s_len)
+{
+ char *dst = s; /* write position; it never gets ahead of the read index I */
+
+ for (size_t i = 0; i < s_len; i++)
+ {
+ switch (s[i])
+ {
+ case '\\':
+ if (i == s_len - 1)
+ {
+ /* File name ends with an unescaped backslash: invalid. */
+ return NULL;
+ }
+ ++i; /* step onto the character that the backslash escapes */
+ switch (s[i])
+ {
+ case 'n':
+ *dst++ = '\n';
+ break;
+ case '\\':
+ *dst++ = '\\';
+ break;
+ default:
+ /* Only '\' or 'n' may follow a backslash. */
+ return NULL;
+ }
+ break;
+
+ case '\0':
+ /* The file name may not contain a NUL. */
+ return NULL;
+
+ default:
+ *dst++ = s[i];
+ break;
+ }
+ }
+ if (dst < s + s_len) /* true only if at least one escape was collapsed */
+ *dst = '\0';
+
+ return s;
+}
+
/* Split the checksum string S (of length S_LEN) from a BSD 'md5' or
'sha1' command into two parts: a hexadecimal digest, and the file
name. S is modified. Return true if successful. */
static bool
-bsd_split_3 (char *s, size_t s_len, unsigned char **hex_digest, char **file_name)
+bsd_split_3 (char *s, size_t s_len, unsigned char **hex_digest,
+ char **file_name, bool escaped_filename)
{
size_t i;
if (s_len == 0)
return false;
- *file_name = s;
-
- /* Find end of filename. The BSD 'md5' and 'sha1' commands do not escape
- filenames, so search backwards for the last ')'. */
+ /* Find end of filename. */
i = s_len - 1;
while (i && s[i] != ')')
i--;
if (s[i] != ')')
return false;
+ *file_name = s;
+
+ if (escaped_filename && filename_unescape (s, i) == NULL)
+ return false;
+
s[i++] = '\0';
while (ISWHITE (s[i]))
while (ISWHITE (s[i]))
++i;
+ if (s[i] == '\\')
+ {
+ ++i;
+ escaped_filename = true;
+ }
+
/* Check for BSD-style checksum line. */
+
algo_name_len = strlen (DIGEST_TYPE_STRING);
- if (strncmp (s + i, DIGEST_TYPE_STRING, algo_name_len) == 0)
+ if (STREQ_LEN (s + i, DIGEST_TYPE_STRING, algo_name_len))
{
if (s[i + algo_name_len] == ' ')
++i;
*binary = 0;
return bsd_split_3 (s + i + algo_name_len + 1,
s_len - (i + algo_name_len + 1),
- hex_digest, file_name);
+ hex_digest, file_name, escaped_filename);
}
}
/* Ignore this line if it is too short.
- Each line must have at least `min_digest_line_length - 1' (or one more, if
+ Each line must have at least 'min_digest_line_length - 1' (or one more, if
the first is a backslash) more characters to contain correct message digest
information. */
if (s_len - i < min_digest_line_length + (s[i] == '\\'))
return false;
- if (s[i] == '\\')
- {
- ++i;
- escaped_filename = true;
- }
*hex_digest = (unsigned char *) &s[i];
/* The first field has to be the n-character hexadecimal
s[i++] = '\0';
- if (s[i] != ' ' && s[i] != '*')
- return false;
- *binary = (s[i++] == '*');
+ /* If "bsd reversed" format detected. */
+ if ((s_len - i == 1) || (s[i] != ' ' && s[i] != '*'))
+ {
+ /* Don't allow mixing bsd and standard formats,
+ to minimize security issues with attackers
+ renaming files with leading spaces.
+ This assumes that, with bsd format checksums,
+ the first file name does not have
+ a leading ' ' or '*'. */
+ if (bsd_reversed == 0)
+ return false;
+ bsd_reversed = 1;
+ }
+ else if (bsd_reversed != 1)
+ {
+ bsd_reversed = 0;
+ *binary = (s[i++] == '*');
+ }
/* All characters between the type indicator and end of line are
significant -- that includes leading and trailing white space. */
*file_name = &s[i];
if (escaped_filename)
- {
- /* Translate each `\n' string in the file name to a NEWLINE,
- and each `\\' string to a backslash. */
-
- char *dst = &s[i];
+ return filename_unescape (&s[i], s_len - i) != NULL;
- while (i < s_len)
- {
- switch (s[i])
- {
- case '\\':
- if (i == s_len - 1)
- {
- /* A valid line does not end with a backslash. */
- return false;
- }
- ++i;
- switch (s[i++])
- {
- case 'n':
- *dst++ = '\n';
- break;
- case '\\':
- *dst++ = '\\';
- break;
- default:
- /* Only `\' or `n' may follow a backslash. */
- return false;
- }
- break;
-
- case '\0':
- /* The file name may not contain a NUL. */
- return false;
- break;
-
- default:
- *dst++ = s[i++];
- break;
- }
- }
- *dst = '\0';
- }
return true;
}
/* Return true if S is a NUL-terminated string of DIGEST_HEX_BYTES hex digits.
Otherwise, return false. */
-static bool
+static bool _GL_ATTRIBUTE_PURE
hex_digits (unsigned char const *s)
{
unsigned int i;
}
}
+ fadvise (fp, FADVISE_SEQUENTIAL);
+
err = DIGEST_STREAM (fp, bin_result);
if (err)
{
digest_check (const char *checkfile_name)
{
FILE *checkfile_stream;
+ uintmax_t n_misformatted_lines = 0;
uintmax_t n_properly_formatted_lines = 0;
+ uintmax_t n_improperly_formatted_lines = 0;
uintmax_t n_mismatched_checksums = 0;
uintmax_t n_open_or_read_failures = 0;
unsigned char bin_buffer_unaligned[DIGEST_BIN_BYTES + DIGEST_ALIGN];
line_chars_allocated = 0;
do
{
- char *filename IF_LINT (= NULL);
+ char *filename IF_LINT ( = NULL);
int binary;
- unsigned char *hex_digest IF_LINT (= NULL);
+ unsigned char *hex_digest IF_LINT ( = NULL);
ssize_t line_length;
++line_number;
&& ! (is_stdin && STREQ (filename, "-"))
&& hex_digits (hex_digest)))
{
+ ++n_misformatted_lines;
+
if (warn)
{
error (0, 0,
checkfile_name, line_number,
DIGEST_TYPE_STRING);
}
+
+ ++n_improperly_formatted_lines;
}
else
{
{
if (!status_only)
{
+ if (n_misformatted_lines != 0)
+ error (0, 0,
+ (ngettext
+ ("WARNING: %" PRIuMAX " line is improperly formatted",
+ "WARNING: %" PRIuMAX " lines are improperly formatted",
+ select_plural (n_misformatted_lines))),
+ n_misformatted_lines);
+
if (n_open_or_read_failures != 0)
error (0, 0,
- ngettext ("WARNING: %" PRIuMAX " of %" PRIuMAX
- " listed file could not be read",
- "WARNING: %" PRIuMAX " of %" PRIuMAX
- " listed files could not be read",
- select_plural (n_properly_formatted_lines)),
- n_open_or_read_failures, n_properly_formatted_lines);
+ (ngettext
+ ("WARNING: %" PRIuMAX " listed file could not be read",
+ "WARNING: %" PRIuMAX " listed files could not be read",
+ select_plural (n_open_or_read_failures))),
+ n_open_or_read_failures);
if (n_mismatched_checksums != 0)
- {
- uintmax_t n_computed_checksums =
- (n_properly_formatted_lines - n_open_or_read_failures);
- error (0, 0,
- ngettext ("WARNING: %" PRIuMAX " of %" PRIuMAX
- " computed checksum did NOT match",
- "WARNING: %" PRIuMAX " of %" PRIuMAX
- " computed checksums did NOT match",
- select_plural (n_computed_checksums)),
- n_mismatched_checksums, n_computed_checksums);
- }
+ error (0, 0,
+ (ngettext
+ ("WARNING: %" PRIuMAX " computed checksum did NOT match",
+ "WARNING: %" PRIuMAX " computed checksums did NOT match",
+ select_plural (n_mismatched_checksums))),
+ n_mismatched_checksums);
}
}
return (n_properly_formatted_lines != 0
&& n_mismatched_checksums == 0
- && n_open_or_read_failures == 0);
+ && n_open_or_read_failures == 0
+ && (!strict || n_improperly_formatted_lines == 0));
+}
+
+static void
+print_filename (char const *file)
+{
+ /* Write FILE, a NUL-terminated file name, to stdout.
+ Translate each NEWLINE byte to the string, "\\n",
+ and each backslash to "\\\\". Every other byte is written
+ unchanged. The return values of fputs and putchar are not
+ checked here. */
+ while (*file)
+ {
+ switch (*file)
+ {
+ case '\n':
+ fputs ("\\n", stdout);
+ break;
+
+ case '\\':
+ fputs ("\\\\", stdout);
+ break;
+
+ default:
+ putchar (*file);
+ break;
+ }
+ file++;
+ }
}
int
int opt;
bool ok = true;
int binary = -1;
+ bool prefix_tag = false;
/* Setting values of global variables. */
initialize_main (&argc, &argv);
warn = false;
quiet = true;
break;
+ case STRICT_OPTION:
+ strict = true;
+ break;
+ case TAG_OPTION:
+ prefix_tag = true;
+ binary = 1;
+ break;
case_GETOPT_HELP_CHAR;
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
default:
min_digest_line_length = MIN_DIGEST_LINE_LENGTH;
digest_hex_bytes = DIGEST_HEX_BYTES;
+ if (prefix_tag && !binary)
+ {
+ /* This could be supported in a backwards compatible way
+ by prefixing the output line with a space in text mode.
+ However that's invasive enough that it was agreed to
+ not support this mode with --tag, as --text use cases
+ are adequately supported by the default output format. */
+ error (0, 0, _("--tag does not support --text mode"));
+ usage (EXIT_FAILURE);
+ }
+
+ if (prefix_tag && do_check)
+ {
+ error (0, 0, _("the --tag option is meaningless when "
+ "verifying checksums"));
+ usage (EXIT_FAILURE);
+ }
+
if (0 <= binary && do_check)
{
error (0, 0, _("the --binary and --text options are meaningless when "
usage (EXIT_FAILURE);
}
+ if (strict & !do_check)
+ {
+ error (0, 0,
+ _("the --strict option is meaningful only when verifying checksums"));
+ usage (EXIT_FAILURE);
+ }
+
if (!O_BINARY && binary < 0)
binary = 0;
ok = false;
else
{
+ if (prefix_tag)
+ {
+ if (strchr (file, '\n') || strchr (file, '\\'))
+ putchar ('\\');
+
+ fputs (DIGEST_TYPE_STRING, stdout);
+ fputs (" (", stdout);
+ print_filename (file);
+ fputs (") = ", stdout);
+ }
+
size_t i;
/* Output a leading backslash if the file name contains
a newline or backslash. */
- if (strchr (file, '\n') || strchr (file, '\\'))
+ if (!prefix_tag && (strchr (file, '\n') || strchr (file, '\\')))
putchar ('\\');
for (i = 0; i < (digest_hex_bytes / 2); ++i)
printf ("%02x", bin_buffer[i]);
- putchar (' ');
- if (file_is_binary)
- putchar ('*');
- else
- putchar (' ');
-
- /* Translate each NEWLINE byte to the string, "\\n",
- and each backslash to "\\\\". */
- for (i = 0; i < strlen (file); ++i)
+ if (!prefix_tag)
{
- switch (file[i])
- {
- case '\n':
- fputs ("\\n", stdout);
- break;
-
- case '\\':
- fputs ("\\\\", stdout);
- break;
-
- default:
- putchar (file[i]);
- break;
- }
+ putchar (' ');
+
+ putchar (file_is_binary ? '*' : ' ');
+
+ print_filename (file);
}
+
putchar ('\n');
}
}