ravthan / all-eyes

Automatically exported from code.google.com/p/all-eyes

sha256check assumes that sha256sum returns valid hash sum #104

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. echo "#!/bin/sh\necho I am evil.\n" > sha256sum ; chmod a+x sha256sum
2. echo "int checksum_check(void)" > whatever.c
3. perl sha256check.pl whatever.c whatever_sum.c ./ -t whatever.c

What is the expected output? What do you see instead?

Some sort of failure is expected, instead we can insert arbitrary checksums of 
our choosing into the *_sum.c files:

snprintf(strs[0], 512, "I am evil.\n");

The $cs_cmd is fed directly to an execution operator without verifying whether 
the utility exists; but more importantly the output of that execution isn't 
checked for validity. Instead of using the return verbatim, it ought to be 
checked via regex to make sure that it looks like a hash.

What version of the product are you using? On what operating system?

$ svn info sha256check.pl 
Path: sha256check.pl
Name: sha256check.pl
URL: http://all-eyes.googlecode.com/svn/trunk/src/ae/utils/bin/sha256check.pl
Repository Root: http://all-eyes.googlecode.com/svn
Repository UUID: 2862ca4a-4f57-e750-6f19-d5026df31d27
Revision: 971
Node Kind: file
Schedule: normal
Last Changed Author: todddchu
Last Changed Rev: 338
Last Changed Date: 2012-10-21 07:02:24 -0400 (Sun, 21 Oct 2012)
Text Last Updated: 2012-11-21 19:59:55 -0500 (Wed, 21 Nov 2012)
Checksum: dcbdbf685ac4ddbe9ac6273736b96c7c

Using Mac OS X, but the problem exists for any OS without sha256sum in path...

Original issue reported on code.google.com by amoun...@students.poly.edu on 22 Nov 2012 at 1:26

GoogleCodeExporter commented 8 years ago
It would be better to implement the SHA digest within Perl, rather than rely on 
an external executable that may or may not be there.

http://search.cpan.org/~mshelor/Digest-SHA-5.73/lib/Digest/SHA.pm

Original comment by amoun...@students.poly.edu on 22 Nov 2012 at 2:06

GoogleCodeExporter commented 8 years ago
This is actually rather serious, since you could have the phony sha256sum 
script output arbitrary C code that will be written into your checksum script 
which will then be executed by ae.

#!/bin/sh
echo "I am the evil sha256sum.\"); system(\"cat /etc/passwd\"); printf(\""
# EOF

Ends up generating the following C code...

snprintf(strs[0], 512, "I am the evil sha256sum."); system("cat /etc/passwd"); 
printf("\n");

Original comment by amoun...@students.poly.edu on 22 Nov 2012 at 2:33
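
The two suggestions made in the comments above (check with a regex that the value looks like a hash, and compute the digest inside Perl with Digest::SHA), shown as an added example that is not the project's sha256check.pl. The helper names are hypothetical, the inputs are constructed, and the snprintf(strs[N], 512, ...) output shape is copied from the generated line quoted in this issue.

```perl
#!/usr/bin/perl
# Added example, not code from all-eyes. Helper names are hypothetical.
use strict;
use warnings;
use Digest::SHA;

# A hex-encoded SHA-256 digest is exactly 64 hex characters and nothing else.
# \A and \z anchor the whole string, so a trailing newline or extra text fails.
sub is_sha256_hex {
    my ($s) = @_;
    return defined $s && $s =~ /\A[0-9a-fA-F]{64}\z/;
}

# Hash the file in-process, so no executable is resolved through PATH.
sub sha256_of_file {
    my ($path) = @_;
    my $sha = Digest::SHA->new(256);
    $sha->addfile($path, 'b');    # binary mode; dies if the file cannot be opened
    return $sha->hexdigest;
}

# Build the C line for the generated *_sum.c file, but only from a validated
# digest. Anything else aborts the build step instead of reaching the C source.
sub c_line_for_digest {
    my ($index, $digest) = @_;
    die "refusing to embed non-digest value\n" unless is_sha256_hex($digest);
    # Single quotes keep \n as the two characters backslash-n for the C compiler.
    return sprintf('snprintf(strs[%d], 512, "%s\n");', $index, lc $digest);
}

# Constructed inputs: the SHA-256 of empty input, followed by the output of
# the two fake sha256sum scripts quoted in this issue.
my @candidates = (
    'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
    'I am evil.',
    'I am the evil sha256sum."); system("cat /etc/passwd"); printf("',
);
for my $candidate (@candidates) {
    my $line = eval { c_line_for_digest(0, $candidate) };
    print defined $line ? "accepted: $line\n" : "rejected: $@";
}

# Digest computed without any external command (here: of this script itself).
print c_line_for_digest(0, sha256_of_file($0)), "\n";
```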

GoogleCodeExporter commented 8 years ago
This is invalid. The reason is that AllEyes design calls 

For a non-C language monitor, we use the method of checking the SHA256 checksum 
during run-time to ensure that the monitor is a valid monitor. To accomplish 
this, we do the following steps:

    1. There is a small C program that is used to link with the 'ae' daemon to launch the non-C language monitor during run-time.
    2. Before the compilation of the ae daemon and monitor code, including the small C program, we call sha256check.pl, which calls the system command shar256, to calculate the SHA256 checksum of the non-C language monitor code. This checksum value is embedded into the small C program for compilation (hence the generated file *_sum.c) of the ae daemon. That is why you should only see the file sha256check.pl used in the Makefile of a monitor.
    3. After the compilation, the 'ae' daemon process should include the checksum value of the monitor from step 2 above.
    4. During run-time, when the 'ae' daemon process starts the monitor, it first re-calculates the SHA256 checksum of the monitor, then compares the checksum value with the embedded value to make sure they are the same. Please note that the file sha256check.pl is not part of the release package and is not installed or called anywhere on a production system.
    5. For the non-C language monitor, the monitor source code does not include anything that should relate to how the checksum is calculated. All checksum work is done prior to the compilation of the ae daemon or during run-time by the ae daemon itself.

Mark the bug as invalid.

Original comment by toddd...@gmail.com on 25 Nov 2012 at 8:27