From nobody Thu Apr 30 21:06:59 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4g66Dg2h5rz6cGbm for ; Thu, 30 Apr 2026 21:06:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4g66Dg23PHz3Y6h for ; Thu, 30 Apr 2026 21:06:59 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1777583219; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ZN858MF8+UhIdpcX5PJuYEdcz+MCvdKuS1L0bQVMIes=; b=D/c0elAseOiCOWROqD4ZjrKc+vpd+SH6SyfzGPseBuC8eBlsLBq8PemHA58oikG/HSKoyX ixEp9sSSLPseLYAcLgIvitXS1Fur+ObOT252nlUoN+WPkQxDEXqvmwMrAGRz79ZYWviLa2 ZX+q4BwrCqxbT8buSVjYdQZEvDR2oob4N/W4kLj7ylglCwDZgjGDZby6aguSwASYSycI58 2E//yWFdhkArZFySWLzhEajIn6/45wooEKFoB2F6uN8cYmb3h2lmd2RsEClYBopL4Jc0sx LHZfP1f1Kwx1zJANB07VW7HZVvXeUEuebSFTPqbPhiFX9S93yGAJGAmvDkdUIg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1777583219; a=rsa-sha256; cv=none; b=FJfsoFYeUleiyWubooF0yjFrpgvGwoVkSYb5xS8KPmAiXI4EQ0onLw6v3RAPYvxa6JZ52V kwU8dOzXQllCPpeuImjEhNfH/4lYPLBQQJjc2q86k3enC23tHcUH9jHwMZFu5wB1KvKD2S iEUgyFoQzrOaANIPWuUe+hO3MtcJfGUhCaJE6qPYh7kWz2QJ7Yxid9oLJnGcHHFybjI0Lp wpt92JVEYToqCzBcGhr1vcmS8KnDSr8uXLtE+FURNofSrMVB44w7TomYrT866sUmD6LEPa q533w4QesKCg9vsRyyIBSzCzvkgFV6riq68iJWvgh0lGX84fTpdeaj/DdD3ZAw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1777583219; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ZN858MF8+UhIdpcX5PJuYEdcz+MCvdKuS1L0bQVMIes=; b=gHnm8+WGeF7DA+k+NcI+TtrDGXaUy/twhGksmDic18FQqWough6kUqxOyYZxbSsIt59f6q 0cDfxqlE2WHu7cg6+Wa2h/InTMxKIiyCPIQ96J7dzB3WPGItISXbpbXfZ57S2lppCf+Uv+ Vpqku+87qaUv/t4R9UEjwPSxwtz3P95oxBso8gldhzDv4NqUFPUVR56sX3RZuedEyDyoXB 2QEfWLzmeIaWseSqs40pX8rLp74o/xSmauQwzGmfEleTYe4JnqDHY9SjwVIt+OanDpJNeH 84AV9K2PEkRLjRiwVU1XgdNUSHz1wX6BPif3Q3b5qbFwymWbDwq5ry3S8aCTIw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4g66Dg1fdqzCYm for ; Thu, 30 Apr 2026 21:06:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 45e12 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 30 Apr 2026 21:06:59 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Dag-Erling=?utf-8?Q? Sm=C3=B8rg?=rav Subject: git: d23df52343be - stable/15 - md5: Encode non-printable filenames List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: des X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: d23df52343be4dc9b73773b7d1324b5b715b42b1 Auto-Submitted: auto-generated Date: Thu, 30 Apr 2026 21:06:59 +0000 Message-Id: <69f3c473.45e12.3568738a@gitrepo.freebsd.org> The branch stable/15 has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=d23df52343be4dc9b73773b7d1324b5b715b42b1 commit d23df52343be4dc9b73773b7d1324b5b715b42b1 Author: Dag-Erling Smørgrav AuthorDate: 2026-04-29 18:41:05 +0000 Commit: Dag-Erling Smørgrav CommitDate: 2026-04-30 21:06:54 +0000 md5: Encode non-printable filenames Encode filenames in the VIS_CSTYLE | VIS_OCTAL style regardless of output mode. When reading filenames from a checksum file, attempt to decode them, and use the decoded name unless the decoded name does not exist but the undecoded one does. This breaks compatibility with GNU coreutils, which unfortunately uses a non-reversible encoding when outputting filenames containing non-printable characters. While here, drop a sentence about preimage attacks against MD5 and SHA1 from the manual page, as I no longer trust it to be true. MFC after: 1 week Reviewed by: bcr, markj Differential Revision: https://reviews.freebsd.org/D56615 (cherry picked from commit 70fde0ed6bbbb1f84c440190ba1e5435f8c90e13) --- sbin/md5/md5.1 | 30 ++++++++++++++++++++++-------- sbin/md5/md5.c | 41 +++++++++++++++++++++++++++++++++++------ 2 files changed, 57 insertions(+), 14 deletions(-) diff --git a/sbin/md5/md5.1 b/sbin/md5/md5.1 index b530292c8269..82515dec6714 100644 --- a/sbin/md5/md5.1 +++ b/sbin/md5/md5.1 @@ -1,4 +1,4 @@ -.Dd March 12, 2024 +.Dd April 6, 2026 .Dt MD5 1 .Os .Sh NAME @@ -84,11 +84,18 @@ If no files are listed on the command line, or a file name is given as .Pa - , input is taken from stdin instead. .Pp +The utility's different modes have different output formats, but in +all cases, filenames containing unprintable characters are encoded as +described in +.Xr vis 3 +using the +.Dv VIS_CSTYLE \&| Dv VIS_OCTAL +style. +.Pp It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. -The SHA-224 , SHA-256 , SHA-384 , SHA-512, RIPEMD-160, -and SKEIN +The SHA-224, SHA-256, SHA-384, SHA-512, RIPEMD-160, and SKEIN algorithms are intended for digital signature applications, where a large file must be .Dq compressed @@ -99,10 +106,6 @@ key under a public-key cryptosystem such as RSA. The MD5 and SHA-1 algorithms have been proven to be vulnerable to practical collision attacks and should not be relied upon to produce unique outputs, .Em nor should they be used as part of a cryptographic signature scheme. -As of 2017-03-02, there is no publicly known method to -.Em reverse -either algorithm, i.e., to find an input that produces a specific -output. .Pp SHA-512t256 is a version of SHA-512 truncated to only 256 bits. On 64-bit hardware, this algorithm is approximately 50% faster than SHA-256 but @@ -385,7 +388,8 @@ is printed instead of .Xr sha256 3 , .Xr sha384 3 , .Xr sha512 3 , -.Xr skein 3 +.Xr skein 3 , +.Xr vis 3 .Rs .%A R. Rivest .%T The MD5 Message-Digest Algorithm @@ -411,6 +415,16 @@ Secure Hash Standard (SHS): .Pp The RIPEMD-160 page: .Pa https://homes.esat.kuleuven.be/~bosselae/ripemd160.html +.Sh CAVEATS +The encoding used for file names containing non-printable characters +is incompatible with that used by GNU coreutils. +The encoding used by GNU coreutils is non-reversible, in that certain +non-printable characters are encoded while others are simply omitted. +The encoding used by this utility, on the other hand, is fully +reversible. +.Pp +If interoperability with GNU coreutils is required, it is recommended +to ensure that all file names contain only printable characters. .Sh BUGS In bits mode, the original .Nm shasum diff --git a/sbin/md5/md5.c b/sbin/md5/md5.c index 10ffae53c775..04dd5fa23056 100644 --- a/sbin/md5/md5.c +++ b/sbin/md5/md5.c @@ -42,6 +42,7 @@ #include #include #include +#include #ifdef HAVE_CAPSICUM #include @@ -314,6 +315,7 @@ gnu_check(const char *checksumsfile) const char *digestname; size_t digestnamelen; size_t hashstrlen; + size_t filenamelen; struct stat st; if (strcmp(checksumsfile, "-") == 0) @@ -343,12 +345,14 @@ gnu_check(const char *checksumsfile) strncmp(hashstr - 4, ") = ", 4) == 0 && strspn(hashstr, "0123456789ABCDEFabcdef") == hashstrlen) { *(hashstr - 4) = '\0'; + filenamelen = hashstr - 4 - filename; } else if ((size_t)linelen >= hashstrlen + 3 && strspn(linebuf, "0123456789ABCDEFabcdef") == hashstrlen && linebuf[hashstrlen] == ' ') { linebuf[hashstrlen] = '\0'; hashstr = linebuf; filename = linebuf + hashstrlen + 1; + filenamelen = linelen - hashstrlen - 1; } else { if (wflag) { warnx("%s: %d: improperly formatted " @@ -365,17 +369,23 @@ gnu_check(const char *checksumsfile) if ((*filename == '*' || *filename == ' ' || *filename == 'U' || *filename == '^') && - lstat(filename, &st) != 0 && - lstat(filename + 1, &st) == 0) { - rec->filename = strdup(filename + 1); + lstat(filename, &st) != 0) { rec->input_mode = (enum input_mode)*filename; + filename++; + filenamelen--; } else { - rec->filename = strdup(filename); rec->input_mode = input_mode; } + rec->filename = malloc(filenamelen + 1); + if (rec->filename == NULL) + errx(1, "malloc failed"); + if (strnunvis(rec->filename, filenamelen + 1, filename) < 0 || + (lstat(rec->filename, &st) != 0 && lstat(filename, &st) == 0)) + memcpy(rec->filename, filename, filenamelen + 1); // XXX + rec->chksum = strdup(hashstr); - if (rec->chksum == NULL || rec->filename == NULL) + if (rec->chksum == NULL) errx(1, "malloc failed"); rec->next = NULL; *next = rec; @@ -386,6 +396,15 @@ gnu_check(const char *checksumsfile) fclose(inp); } +static int +safename(char *namebuf, size_t bufsize, const char *name) +{ + int vis_mode = VIS_NL | VIS_TAB | VIS_GLOB | VIS_SHELL; + int vis_style = VIS_CSTYLE | VIS_OCTAL; + + return (strnvis(namebuf, bufsize, name, vis_mode | vis_style)); +} + /* Main driver. Arguments (may be any combination): @@ -633,7 +652,13 @@ main(int argc, char *argv[]) } if (f == NULL) { if (errno != ENOENT || !(cflag && ignoreMissing)) { - warn("%s", filename); + char namebuf[MAXPATHLEN * 4]; + int serrno = errno; + + if (safename(namebuf, sizeof(namebuf), filename) < 0) + warnc(ENAMETOOLONG, NULL); + else + warnc(serrno, "%s", namebuf); failed = true; } continue; @@ -763,8 +788,12 @@ MDInput(const Algorithm_t *alg, FILE *f, char *buf, bool tee) static void MDOutput(const Algorithm_t *alg, char *p, const char *name) { + char namebuf[MAXPATHLEN * 4]; bool checkfailed = false; + if (safename(namebuf, sizeof(namebuf), name) < 0) + errc(1, ENAMETOOLONG, NULL); + name = namebuf; if (p == NULL) { warn("%s", name); failed = true;