From 9a8339737696434daa7ecf13febcdb5dc6d93769 Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel
Date: Wed, 20 Sep 2017 17:29:05 +0200
Subject: [PATCH] catch case where we could BOF should_buffer[] [skip ci]
---
 demos/hashsum.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/demos/hashsum.c b/demos/hashsum.c
index f9d53ae..9f25d0f 100644
--- a/demos/hashsum.c
+++ b/demos/hashsum.c
@@ -98,6 +98,11 @@ static void check_file(int argn, int argc, char **argv)
 hash_len = space - s;
 hash_len /= 2;

+ if (hash_len > sizeof(should_buffer)) {
+ fprintf(stderr, "%s: hash too long\n", hashsum);
+ goto ERR;
+ }
+
 /* convert the hex-string back to binary */
 for (x = 0; x < hash_len; ++x) {
 should_buffer[x] = HEXOF(s[x*2]) << 4 | HEXOF(s[x*2 + 1]);
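Review bot: An odd number of hex digits in the checksum field is still accepted after this change, because `hash_len /= 2` just above the new check rounds down and the last character is silently ignored; the added `hash_len > sizeof(should_buffer)` test only caps the length. Rejecting that case next to it, for example `if ((space - s) % 2 != 0) { fprintf(stderr, "%s: malformed hash\n", hashsum); goto ERR; }`, would keep malformed lines out of the conversion loop. The guard also relies on should_buffer being an array of byte-sized elements in this scope, so that sizeof counts elements; its declaration is outside the hunk and worth confirming. A short comment such as `/* hash_len comes from the checksum file; never write past should_buffer[] */` would record why the check is there. check_file() starts and ends outside the hunk, so how hash_len is used after the loop is not visible here.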