>From e65b678b5d7effaebea82d72df7435e02424506b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A1draig=20Brady?= <address@hidden>
Date: Tue, 19 Sep 2017 20:56:32 -0700
Subject: [PATCH] shred: reinstate --remove file name length obfuscation

This was unintentionally removed in v8.27-60-g2ae1460
* src/shred.c (wipename): Interate through all name lengths.
* tests/misc/shred-remove.sh: Add test cases.
* NEWS: Mention the bug fix.
Fixes https://bugs.gnu.org/28507
---
 NEWS                       |  4 ++++
 src/shred.c                |  1 -
 tests/misc/shred-remove.sh | 20 ++++++++++++++++++++
 3 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 4ebe3c6..15ae40b 100644
--- a/NEWS
+++ b/NEWS
@@ -18,6 +18,10 @@ GNU coreutils NEWS                                    -*- outline -*-
   ptx -S no longer infloops for a pattern which returns zero-length matches.
   [the bug dates back to the initial implementation]
 
+  shred --remove will again repeatedly rename files with shortening names
+  to attempt to hide the original length of the file name.
+  [bug introduced in coreutils-8.28]
+
 
 * Noteworthy changes in release 8.28 (2017-09-01) [stable]
 
diff --git a/src/shred.c b/src/shred.c
index d1d3883..f2b5d27 100644
--- a/src/shred.c
+++ b/src/shred.c
@@ -1117,7 +1117,6 @@ wipename (char *oldname, char const *qoldname, struct Options const *flags)
                 first = false;
               }
             memcpy (oldname + (base - newname), base, len + 1);
-            break;
           }
       }
 
diff --git a/tests/misc/shred-remove.sh b/tests/misc/shred-remove.sh
index 985a4ab..546c354 100755
--- a/tests/misc/shred-remove.sh
+++ b/tests/misc/shred-remove.sh
@@ -44,4 +44,24 @@ done
 touch $file || framework_failure_
 returns_ 1 shred -n0 --remove=none $file 2>/dev/null || fail=1
 
+# Ensure rename passes complete.
+# coreutils-8.28 did not do the decreasing length rename
+# which may have leaked the length of the removed file name
+printf 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_. |
+sed 's/./&\n/g' | xargs touch || framework_failure_  # test level exhaustion
+touch test 000 || framework_failure_  # test level increment
+shred -vu test 2>out || fail=1
+cat <<\EOF >exp || framework_failure_
+shred: test: removing
+shred: test: renamed to 0000
+shred: 0000: renamed to 001
+shred: 001: renamed to 00
+shred: test: removed
+EOF
+compare out exp || fail=1
+
+# Ensure renames are only retried for EEXIST
+mkdir rodir && cd rodir && touch $file && chmod a-w . || framework_failure_
+returns_ 1 timeout 10 shred -u $file || fail=1
+
 Exit $fail
-- 
2.9.3