svn commit: r280398 - stable/10/lib/libc/net
Ed Maste
emaste at FreeBSD.org
Mon Mar 23 20:50:30 UTC 2015
Author: emaste
Date: Mon Mar 23 20:50:28 2015
New Revision: 280398
URL: https://svnweb.freebsd.org/changeset/base/280398
Log:
MFC r275060: Fix b64_pton output buffer overrun test for exact-sized buffer
b64_pton would sometimes erroneously fail to decode a base64 string into
a precisely sized buffer. The overflow check was a little too greedy.
Modified:
stable/10/lib/libc/net/base64.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/lib/libc/net/base64.c
==============================================================================
--- stable/10/lib/libc/net/base64.c Mon Mar 23 20:02:16 2015 (r280397)
+++ stable/10/lib/libc/net/base64.c Mon Mar 23 20:50:28 2015 (r280398)
@@ -199,6 +199,7 @@ b64_pton(src, target, targsize)
size_t targsize;
{
int tarindex, state, ch;
+ u_char nextbyte;
char *pos;
state = 0;
@@ -226,22 +227,28 @@ b64_pton(src, target, targsize)
break;
case 1:
if (target) {
- if ((size_t)tarindex + 1 >= targsize)
+ if ((size_t)tarindex >= targsize)
return (-1);
target[tarindex] |= (pos - Base64) >> 4;
- target[tarindex+1] = ((pos - Base64) & 0x0f)
- << 4 ;
+ nextbyte = ((pos - Base64) & 0x0f) << 4;
+ if ((size_t)tarindex + 1 < targsize)
+ target[tarindex + 1] = nextbyte;
+ else if (nextbyte)
+ return (-1);
}
tarindex++;
state = 2;
break;
case 2:
if (target) {
- if ((size_t)tarindex + 1 >= targsize)
+ if ((size_t)tarindex >= targsize)
return (-1);
target[tarindex] |= (pos - Base64) >> 2;
- target[tarindex+1] = ((pos - Base64) & 0x03)
- << 6;
+ nextbyte = ((pos - Base64) & 0x03) << 6;
+ if ((size_t)tarindex + 1 < targsize)
+ target[tarindex + 1] = nextbyte;
+ else if (nextbyte)
+ return (-1);
}
tarindex++;
state = 3;
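Review bot: The `else if (nextbyte) return (-1);` branch in case 1 (and its copy in case 2) rejects two different conditions at once, more output than the buffer can hold and non-zero leftover bits in a final quantum, and nothing in the code says so. A comment above it such as `/* No room for the spill byte: acceptable only if the leftover bits are zero. */` would make the boundary reasoning reviewable. `target[tarindex]` has already been OR-ed into before this return, so on -1 the buffer holds partial output that callers should discard. No test accompanies the change as shown here; one case for a buffer of exactly the decoded length and one for a buffer a byte short would pin the new bounds. The enclosing switch starts and ends outside the hunk.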
@@ -299,7 +306,8 @@ b64_pton(src, target, targsize)
* zeros. If we don't check them, they become a
* subliminal channel.
*/
- if (target && target[tarindex] != 0)
+ if (target && (size_t)tarindex < targsize &&
+ target[tarindex] != 0)
return (-1);
}
} else {
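Review bot: With the added `(size_t)tarindex < targsize` guard, the trailing-bits check is silently skipped when the decoded data fills the buffer exactly, and it stays sound only because states 1 and 2 now return -1 for a non-zero `nextbyte` they could not store. That dependency should be recorded in the existing comment, for example `* If the buffer is exactly full the extra byte was never stored; states 1 and 2 already rejected non-zero bits.` Without it, a later edit to either site could introduce a read of `target[targsize]` or let non-zero padding bits through unnoticed. The enclosing block starts before the hunk.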