bin/56897: cksum(1): hash functions dump core if a directory is fed in `-c' input

[rvp%SDF.ORG@localhost]

>Number:         56897
>Category:       bin
>Synopsis:       cksum(1): hash functions dump core if a directory is fed in `-c' input
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Jun 21 08:25:00 +0000 2022
>Originator:     RVP
>Release:        NetBSD/amd64 9.99.97
>Organization:
>Environment:
NetBSD  9.99.97 NetBSD 9.99.97 (GENERIC) #0: Thu Jun  9 07:01:27 UTC 2022  mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
I accidentally fed a directory name instead for a filename to sha256(1)
and it dumped core on me:

$ echo "0 /tmp" | sha256 -c
Segmentation fault (core dumped)
$ 

The other "hash" functions do the same.
>How-To-Repeat:
As above.
>Fix:
This fixes it for me:

---START---
diff -urN usr.bin/cksum.orig/cksum.c usr.bin/cksum/cksum.c
--- usr.bin/cksum.orig/cksum.c	2021-08-25 23:03:01.000000000 +0000
+++ usr.bin/cksum/cksum.c	2022-06-21 07:41:27.347025576 +0000
@@ -421,8 +421,10 @@
 			strlcpy(cksum, p_cksum, l_cksum+1);
 
 			if (hash) {
-				if (access(filename, R_OK) == 0
-				    && strcmp(cksum, hash->filefunc(filename, NULL)) == 0)
+				char* h;
+				if (access(filename, R_OK) == 0 
+				    && (h = hash->filefunc(filename, NULL)) != NULL
+				    && strcmp(cksum, h) == 0)
 					ok = 1;
 				else
 					ok = 0;

---END---