Date: Tue, 18 Feb 2003 17:19:31 +0200 (EET) From: "Diomidis D. Spinellis" <dds@aueb.gr> To: FreeBSD-gnats-submit@FreeBSD.org Subject: bin/48424: Integer overflow in cksum(1) and sum(1) file size reporting Message-ID: <200302181519.h1IFJVOR028887@istlab.dmst.aueb.gr>
next in thread | raw e-mail | index | archive | help
>Number: 48424
>Category: bin
>Synopsis: Integer overflow in cksum(1) and sum(1) file size reporting
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Feb 18 07:20:13 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Diomidis D. Spinellis
>Release: FreeBSD 4.7-RELEASE-p3 i386
>Organization:
Athens University of Economics and Business
>Environment:
System: FreeBSD istlab.dmst.aueb.gr 4.7-RELEASE-p3 FreeBSD 4.7-RELEASE-p3 #7: Wed Jan 8 16:10:05 EET 2003 dds@istlab.dmst.aueb.gr:/usr/obj/usr/src/sys/ISTLAB i386
>Description:
cksum(1) and sum(1) report an incorrect file size for files with more
than 2**32 bytes. Performing a checksum operation over the raw device
of a modern >10GB hard disk will easilly exceed this limit.
The reason is the use of a 32-bit integer for counting input bytes.
>How-To-Repeat:
dd if=/dev/zero bs=1m count=10240 | cksum
10240+0 records in
10240+0 records out
10737418240 bytes transferred in 2344.545524 secs (4579744 bytes/sec)
2532515601 2147483648
(The second number should be 10737418240)
>Fix:
Apply the following patch:
Index: cksum/cksum.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/cksum/cksum.c,v
retrieving revision 1.16
diff -c -r1.16 cksum.c
*** cksum/cksum.c 28 Jul 2002 15:08:23 -0000 1.16
--- cksum/cksum.c 17 Feb 2003 18:38:03 -0000
***************
*** 65,74 ****
main(int argc, char **argv)
{
int ch, fd, rval;
! u_int32_t len, val;
char *fn, *p;
! int (*cfncn)(int, u_int32_t *, u_int32_t *);
! void (*pfncn)(char *, u_int32_t, u_int32_t);
if ((p = rindex(argv[0], '/')) == NULL)
p = argv[0];
--- 65,75 ----
main(int argc, char **argv)
{
int ch, fd, rval;
! u_int32_t val;
! u_quad_t len;
char *fn, *p;
! int (*cfncn)(int, u_int32_t *, u_quad_t *);
! void (*pfncn)(char *, u_int32_t, u_quad_t);
if ((p = rindex(argv[0], '/')) == NULL)
p = argv[0];
Index: cksum/crc.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/cksum/crc.c,v
retrieving revision 1.7
diff -c -r1.7 crc.c
*** cksum/crc.c 28 Jul 2002 15:08:23 -0000 1.7
--- cksum/crc.c 17 Feb 2003 18:38:03 -0000
***************
*** 111,121 ****
u_int32_t crc_total = ~0; /* The crc over a number of files. */
int
! crc(int fd, u_int32_t *cval, u_int32_t *clen)
{
u_char *p;
int nr;
! u_int32_t lcrc, len;
u_char buf[16 * 1024];
#define COMPUTE(var, ch) (var) = (var) << 8 ^ crctab[(var) >> 24 ^ (ch)]
--- 111,122 ----
u_int32_t crc_total = ~0; /* The crc over a number of files. */
int
! crc(int fd, u_int32_t *cval, u_quad_t *clen)
{
u_char *p;
int nr;
! u_int32_t lcrc;
! u_quad_t len;
u_char buf[16 * 1024];
#define COMPUTE(var, ch) (var) = (var) << 8 ^ crctab[(var) >> 24 ^ (ch)]
Index: cksum/crc32.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/cksum/crc32.c,v
retrieving revision 1.8
diff -c -r1.8 crc32.c
*** cksum/crc32.c 28 Jul 2002 15:08:23 -0000 1.8
--- cksum/crc32.c 17 Feb 2003 18:38:03 -0000
***************
*** 98,108 ****
u_int32_t crc32_total = 0 ;
int
! crc32(int fd, u_int32_t *cval, u_int32_t *clen)
{
u_int32_t lcrc = ~0;
char buf[BUFSIZ], *p ;
! int len, nr ;
len = 0 ;
crc32_total = ~crc32_total ;
--- 98,109 ----
u_int32_t crc32_total = 0 ;
int
! crc32(int fd, u_int32_t *cval, u_quad_t *clen)
{
u_int32_t lcrc = ~0;
char buf[BUFSIZ], *p ;
! int nr ;
! u_quad_t len ;
len = 0 ;
crc32_total = ~crc32_total ;
Index: cksum/extern.h
===================================================================
RCS file: /home/ncvs/src/usr.bin/cksum/extern.h,v
retrieving revision 1.5
diff -c -r1.5 extern.h
*** cksum/extern.h 22 Mar 2002 01:19:26 -0000 1.5
--- cksum/extern.h 17 Feb 2003 18:38:05 -0000
***************
*** 37,47 ****
#include <sys/cdefs.h>
__BEGIN_DECLS
! int crc(int, u_int32_t *, u_int32_t *);
! void pcrc(char *, u_int32_t, u_int32_t);
! void psum1(char *, u_int32_t, u_int32_t);
! void psum2(char *, u_int32_t, u_int32_t);
! int csum1(int, u_int32_t *, u_int32_t *);
! int csum2(int, u_int32_t *, u_int32_t *);
! int crc32(int, u_int32_t *, u_int32_t *);
__END_DECLS
--- 37,47 ----
#include <sys/cdefs.h>
__BEGIN_DECLS
! int crc(int, u_int32_t *, u_quad_t *);
! void pcrc(char *, u_int32_t, u_quad_t);
! void psum1(char *, u_int32_t, u_quad_t);
! void psum2(char *, u_int32_t, u_quad_t);
! int csum1(int, u_int32_t *, u_quad_t *);
! int csum2(int, u_int32_t *, u_quad_t *);
! int crc32(int, u_int32_t *, u_quad_t *);
__END_DECLS
Index: cksum/print.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/cksum/print.c,v
retrieving revision 1.6
diff -c -r1.6 print.c
*** cksum/print.c 28 Jul 2002 15:08:23 -0000 1.6
--- cksum/print.c 17 Feb 2003 18:38:05 -0000
***************
*** 44,70 ****
#include "extern.h"
void
! pcrc(char *fn, u_int32_t val, u_int32_t len)
{
! (void)printf("%lu %lu", (u_long) val, (u_long) len);
if (fn)
(void)printf(" %s", fn);
(void)printf("\n");
}
void
! psum1(char *fn, u_int32_t val, u_int32_t len)
{
! (void)printf("%lu %lu", (u_long) val, (u_long) (len + 1023) / 1024);
if (fn)
(void)printf(" %s", fn);
(void)printf("\n");
}
void
! psum2(char *fn, u_int32_t val, u_int32_t len)
{
! (void)printf("%lu %lu", (u_long) val, (u_long) (len + 511) / 512);
if (fn)
(void)printf(" %s", fn);
(void)printf("\n");
--- 44,70 ----
#include "extern.h"
void
! pcrc(char *fn, u_int32_t val, u_quad_t len)
{
! (void)printf("%lu %qu", (u_long) val, len);
if (fn)
(void)printf(" %s", fn);
(void)printf("\n");
}
void
! psum1(char *fn, u_int32_t val, u_quad_t len)
{
! (void)printf("%lu %qu", (u_long) val, (len + 1023) / 1024);
if (fn)
(void)printf(" %s", fn);
(void)printf("\n");
}
void
! psum2(char *fn, u_int32_t val, u_quad_t len)
{
! (void)printf("%lu %qu", (u_long) val, (len + 511) / 512);
if (fn)
(void)printf(" %s", fn);
(void)printf("\n");
Index: cksum/sum1.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/cksum/sum1.c,v
retrieving revision 1.7
diff -c -r1.7 sum1.c
*** cksum/sum1.c 28 Jul 2002 15:08:23 -0000 1.7
--- cksum/sum1.c 17 Feb 2003 18:38:05 -0000
***************
*** 45,53 ****
#include "extern.h"
int
! csum1(int fd, u_int32_t *cval, u_int32_t *clen)
{
! u_int32_t total;
int nr;
u_int lcrc;
u_char *p;
--- 45,53 ----
#include "extern.h"
int
! csum1(int fd, u_int32_t *cval, u_quad_t *clen)
{
! u_quad_t total;
int nr;
u_int lcrc;
u_char *p;
Index: cksum/sum2.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/cksum/sum2.c,v
retrieving revision 1.7
diff -c -r1.7 sum2.c
*** cksum/sum2.c 28 Jul 2002 15:08:23 -0000 1.7
--- cksum/sum2.c 17 Feb 2003 18:38:05 -0000
***************
*** 45,53 ****
#include "extern.h"
int
! csum2(int fd, u_int32_t *cval, u_int32_t *clen)
{
! u_int32_t lcrc, total;
int nr;
u_char *p;
u_char buf[8192];
--- 45,54 ----
#include "extern.h"
int
! csum2(int fd, u_int32_t *cval, u_quad_t *clen)
{
! u_int32_t lcrc;
! u_quad_t total;
int nr;
u_char *p;
u_char buf[8192];
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200302181519.h1IFJVOR028887>