Posted to commits@mynewt.apache.org by vi...@apache.org on 2019/10/16 22:08:35 UTC

[mynewt-core] branch master updated: base64: check for buffer overflow and cleanup

This is an automated email from the ASF dual-hosted git repository.

vipulrahane pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-core.git


The following commit(s) were added to refs/heads/master by this push:
     new e1d13e6  base64: check for buffer overflow and cleanup
     new d2239ca  Merge pull request #2048 from vrahane/stats_conf_fix_review
e1d13e6 is described below

commit e1d13e6a319d140e316a84114b190257fe486e8d
Author: Vipul Rahane <vr...@gmail.com>
AuthorDate: Wed Oct 16 14:10:05 2019 -0700

    base64: check for buffer overflow and cleanup
    
    - Check for buffer overflow after each pointer increment
      since 0 is a valid marker
---
 encoding/base64/src/base64.c | 35 ++++++++++++++++++++++++++---------
 1 file changed, 26 insertions(+), 9 deletions(-)

diff --git a/encoding/base64/src/base64.c b/encoding/base64/src/base64.c
index 4ec074b..999958f 100644
--- a/encoding/base64/src/base64.c
+++ b/encoding/base64/src/base64.c
@@ -156,13 +156,16 @@ base64_decode(const char *str, void *data)
     for (p = str; *p && (*p == '=' || strchr(base64_chars, *p)); p += 4) {
         unsigned int val = token_decode(p);
         unsigned int marker = (val >> 24) & 0xff;
-        if (val == DECODE_ERROR)
+        if (val == DECODE_ERROR) {
             return -1;
+        }
         *q++ = (val >> 16) & 0xff;
-        if (marker < 2)
+        if (marker < 2) {
             *q++ = (val >> 8) & 0xff;
-        if (marker < 1)
+        }
+        if (marker < 1) {
             *q++ = val & 0xff;
+        }
     }
     return q - (unsigned char *) data;
 }
@@ -175,19 +178,33 @@ base64_decode_maxlen(const char *str, void *data, int len)
 
     q = data;
     for (p = str; *p && (*p == '=' || strchr(base64_chars, *p)); p += 4) {
-        if (q - (unsigned char *)data >= len) {
-            break;
-        }
         unsigned int val = token_decode(p);
         unsigned int marker = (val >> 24) & 0xff;
-        if (val == DECODE_ERROR)
+
+        if (val == DECODE_ERROR) {
             return -1;
+        }
+
         *q++ = (val >> 16) & 0xff;
-        if (marker < 2)
+        if (q - (unsigned char *)data >= len) {
+            break;
+        }
+
+        if (marker < 2) {
             *q++ = (val >> 8) & 0xff;
-        if (marker < 1)
+            if (q - (unsigned char *)data >= len) {
+                break;
+            }
+        }
+
+        if (marker < 1) {
             *q++ = val & 0xff;
+            if (q - (unsigned char *)data >= len) {
+                break;
+            }
+        }
     }
+
     return q - (unsigned char *) data;
 }
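Review bot: The first store in the base64_decode_maxlen loop, `*q++ = (val >> 16) & 0xff;`, now runs before any comparison against `len`, so a call with `len` of 0 or a negative value writes one byte outside the caller's buffer. The removed loop-top check used to stop that case before any write. Adding `if (len <= 0) { return 0; }` ahead of the loop would restore the old result for those inputs; alternatively, test `q - (unsigned char *)data < len` before each store instead of after it. Separately, when the loop breaks on a full buffer the return value equals `len`, which a caller cannot distinguish from a complete decode that fit exactly, so a comment such as `/* returns at most len bytes; output is silently truncated when the buffer fills */` would help. The function's declarations sit above the hunk and are not visible here.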