Posted to commits@mynewt.apache.org by vi...@apache.org on 2019/10/16 22:08:35 UTC
[mynewt-core] branch master updated: base64: check for buffer
overflow and cleanup
This is an automated email from the ASF dual-hosted git repository.
vipulrahane pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-core.git
The following commit(s) were added to refs/heads/master by this push:
new e1d13e6 base64: check for buffer overflow and cleanup
new d2239ca Merge pull request #2048 from vrahane/stats_conf_fix_review
e1d13e6 is described below
commit e1d13e6a319d140e316a84114b190257fe486e8d
Author: Vipul Rahane <vr...@gmail.com>
AuthorDate: Wed Oct 16 14:10:05 2019 -0700
base64: check for buffer overflow and cleanup
- Check for buffer overflow after each pointer increment
since 0 is a valid marker
---
encoding/base64/src/base64.c | 35 ++++++++++++++++++++++++++---------
1 file changed, 26 insertions(+), 9 deletions(-)
diff --git a/encoding/base64/src/base64.c b/encoding/base64/src/base64.c
index 4ec074b..999958f 100644
--- a/encoding/base64/src/base64.c
+++ b/encoding/base64/src/base64.c
@@ -156,13 +156,16 @@ base64_decode(const char *str, void *data)
for (p = str; *p && (*p == '=' || strchr(base64_chars, *p)); p += 4) {
unsigned int val = token_decode(p);
unsigned int marker = (val >> 24) & 0xff;
- if (val == DECODE_ERROR)
+ if (val == DECODE_ERROR) {
return -1;
+ }
*q++ = (val >> 16) & 0xff;
- if (marker < 2)
+ if (marker < 2) {
*q++ = (val >> 8) & 0xff;
- if (marker < 1)
+ }
+ if (marker < 1) {
*q++ = val & 0xff;
+ }
}
return q - (unsigned char *) data;
}
@@ -175,19 +178,33 @@ base64_decode_maxlen(const char *str, void *data, int len)
q = data;
for (p = str; *p && (*p == '=' || strchr(base64_chars, *p)); p += 4) {
- if (q - (unsigned char *)data >= len) {
- break;
- }
unsigned int val = token_decode(p);
unsigned int marker = (val >> 24) & 0xff;
- if (val == DECODE_ERROR)
+
+ if (val == DECODE_ERROR) {
return -1;
+ }
+
*q++ = (val >> 16) & 0xff;
- if (marker < 2)
+ if (q - (unsigned char *)data >= len) {
+ break;
+ }
+
+ if (marker < 2) {
*q++ = (val >> 8) & 0xff;
- if (marker < 1)
+ if (q - (unsigned char *)data >= len) {
+ break;
+ }
+ }
+
+ if (marker < 1) {
*q++ = val & 0xff;
+ if (q - (unsigned char *)data >= len) {
+ break;
+ }
+ }
}
+
return q - (unsigned char *) data;
}
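Review bot: With `len <= 0` the first store `*q++ = (val >> 16) & 0xff;` now runs before any bounds comparison, so one byte is written into a buffer the caller declared empty; the removed loop-top check wrote nothing in that case. For `len >= 1` the checks after each increment do keep every store inside `len`. Either add a guard ahead of the loop, `if (len <= 0) { return 0; }`, or test `q - (unsigned char *)data >= len` before each store rather than after it. A truncating `break` returns `len`, the same value as a decode that fits exactly, so a comment on the function should say that a return equal to `len` may mean the output was cut short. The function body starts above this hunk, so the guard's exact placement needs checking against the full source.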