/[packages]/updates/5/libplist/current/SOURCES/B0006-Prevent-use-strlen-in-base64decode-when-input-buffer-size-is-known.patch
ViewVC logotype

Contents of /updates/5/libplist/current/SOURCES/B0006-Prevent-use-strlen-in-base64decode-when-input-buffer-size-is-known.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1186922 - (show annotations) (download)
Fri Dec 29 04:22:08 2017 UTC (6 years, 3 months ago) by luigiwalser
File size: 1286 byte(s)
- 1.12
- library major is now 3
- add patches from opensuse to fix several security issues (mga#20232)

1 From ae8b7a0f1a5cf569f52f35fc1f113d0c4f354f6e Mon Sep 17 00:00:00 2001
2 From: Nikias Bassen <nikias@gmx.li>
3 Date: Wed, 14 Dec 2016 02:32:47 +0100
4 Subject: [PATCH] base64: Prevent use of strlen() in base64decode when input
5 buffer size is known
6
7 ---
8 src/base64.c | 15 ++++++++-------
9 1 file changed, 8 insertions(+), 7 deletions(-)
10
11 diff --git a/src/base64.c b/src/base64.c
12 index 1595bd0..7870a79 100644
13 --- a/src/base64.c
14 +++ b/src/base64.c
15 @@ -105,22 +105,23 @@ static int base64decode_block(unsigned char *target, const char *data, size_t da
16
17 unsigned char *base64decode(const char *buf, size_t *size)
18 {
19 - if (!buf) return NULL;
20 - size_t len = strlen(buf);
21 + if (!buf || !size) return NULL;
22 + size_t len = (*size > 0) ? *size : strlen(buf);
23 if (len <= 0) return NULL;
24 unsigned char *outbuf = (unsigned char*)malloc((len/4)*3+3);
25 const char *ptr = buf;
26 int p = 0;
27 + size_t l = 0;
28
29 do {
30 ptr += strspn(ptr, "\r\n\t ");
31 - if (*ptr == '\0') {
32 + if (*ptr == '\0' || ptr >= buf+len) {
33 break;
34 }
35 - len = strcspn(ptr, "\r\n\t ");
36 - if (len > 3) {
37 - p+=base64decode_block(outbuf+p, ptr, len);
38 - ptr += len;
39 + l = strcspn(ptr, "\r\n\t ");
40 + if (l > 3 && ptr+l <= buf+len) {
41 + p+=base64decode_block(outbuf+p, ptr, l);
42 + ptr += l;
43 } else {
44 break;
45 }

  ViewVC Help
Powered by ViewVC 1.1.30