diff -urNp coreutils-6.10-orig/src/md5sum.c coreutils-6.10/src/md5sum.c
--- coreutils-6.10-orig/src/md5sum.c	2007-11-25 14:23:31.000000000 +0100
+++ coreutils-6.10/src/md5sum.c	2008-04-15 21:04:09.000000000 +0200
@@ -205,6 +205,9 @@ bsd_split_3 (char *s, size_t s_len, unsi
 {
   size_t i;
 
+	if (s_len ==0)
+		return false;
+
   *file_name = s;
 
   /* Find end of filename. The BSD 'md5' and 'sha1' commands do not escape
diff -urNp coreutils-6.10-orig/src/md5sum.c coreutils-6.10/src/md5sum.c
--- coreutils-6.10-orig/src/md5sum.c	2008-05-13 15:09:09.000000000 +0200
+++ coreutils-6.10/src/md5sum.c	2008-05-13 15:10:59.000000000 +0200
@@ -343,16 +343,19 @@ split_3 (char *s, size_t s_len,
   return true;
 }
 
+/* Return true if S is a NUL-terminated string of DIGEST_HEX_BYTES hex digits.
+   Otherwise, return false.  */
 static bool
 hex_digits (unsigned char const *s)
 {
-  while (*s)
+  unsigned int i;
+  for (i = 0; i < digest_hex_bytes; i++)
     {
       if (!isxdigit (*s))
         return false;
       ++s;
     }
-  return true;
+  return *s == '\0';
 }
 
 /* An interface to the function, DIGEST_STREAM.
diff -urNp coreutils-6.10-orig/tests/misc/sha1sum coreutils-6.10/tests/misc/sha1sum
--- coreutils-6.10-orig/tests/misc/sha1sum	2007-12-13 00:14:28.000000000 +0100
+++ coreutils-6.10/tests/misc/sha1sum	2008-04-15 21:05:43.000000000 +0200
@@ -29,7 +29,7 @@ exec $PERL -w -I$srcdir/.. -MCoreutils -M"CuTmpdir qw($me)" -- - <<\EOF
 require 5.003;
 use strict;
 
-(my $program_name = $0) =~ s|.*/||;
+my $prog = 'sha1sum';
 
 # Turn off localisation of executable's ouput.
 @ENV{qw(LANGUAGE LANG LC_ALL)} = ('C') x 3;
@@ -72,6 +72,8 @@ my @Tests =
      ['check-bsd3', '--check', '--status',
 			{IN=> {'f.sha1' => "SHA1 (f) = $sha_degenerate\n"}},
 			{AUX=> {f=> 'bar'}}, {EXIT=> 1}],
+     ['bsd-segv', '--check', {IN=> {'z' => "SHA1 ("}}, {EXIT=> 1},
+      {ERR=> "$prog: z: no properly formatted SHA1 checksum lines found\n"}],
     );
 
 # Insert the `--text' argument for each test.
@@ -86,7 +88,6 @@ foreach $t (@Tests)
 my $save_temps = $ENV{DEBUG};
 my $verbose = $ENV{VERBOSE};
 
-my $prog = 'sha1sum';
-my $fail = run_tests ($program_name, $prog, \@Tests, $save_temps, $verbose);
+my $fail = run_tests ($prog, $prog, \@Tests, $save_temps, $verbose);
 exit $fail;
 EOF
diff -urNp coreutils-6.10-orig/tests/misc/md5sum coreutils-6.10/tests/misc/md5sum
--- coreutils-6.10-orig/tests/misc/md5sum	2007-12-13 00:14:28.000000000 +0100
+++ coreutils-6.10/tests/misc/md5sum	2008-05-13 15:15:48.000000000 +0200
@@ -70,6 +70,15 @@ my @Tests =
      ['check-bsd3', '--check', '--status',
 				{IN=> {'f.md5' => "MD5 (f) = $degenerate\n"}},
 				{AUX=> {f=> 'bar'}}, {EXIT=> 1}],
+     ['bsd-segv', '--check', {IN=> {'z' => "MD5 ("}}, {EXIT=> 1},
+       {ERR=> "md5sum: z: no properly formatted MD5 checksum lines found\n"}],
+     # Ensure that when there's a NUL byte among the checksum hex digits
+     # we detect the invalid formatting and don't even open the file.
+     # Up to coreutils-6.10, this would report:
+     #   h: FAILED
+     #   md5sum: WARNING: 1 of 1 computed checksum did NOT match
+     ['nul-in-cksum', '--check', {IN=> {'h'=>("\0"x32)."  h\n"}}, {EXIT=> 1},
+      {ERR=> "md5sum: h: no properly formatted MD5 checksum lines found\n"}],
     );
 
 # Insert the `--text' argument for each test.