mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-06 23:27:04 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: base64: base64urldec() ignores padding in output size check

Browse Source 
Without this fix, the decode function would proceed even when the output
buffer is not large enough, because the padding was not considered. For
example, it would not fail with the input length of 23 and the output
buffer size of 15, even the actual decoded output size is 17.

This patch should be backported to all stable branches that have a
base64urldec() function available.
This commit is contained in:
Dragan Dosen 2021-08-25 11:57:01 +02:00 committed by Willy Tarreau
parent 14c3c5c121
commit 61aa4428c1
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/base64.c
View File

@ -194,9 +194,6 @@ int base64urldec(const char *in, size_t ilen, char *out, size_t olen)
signed char b;
int convlen = 0, i = 0, pad = 0, padlen = 0;
if (olen < ((ilen / 4 * 3)))
return -2;
switch (ilen % 4) {
case 0:
break;
@ -210,6 +207,9 @@ int base64urldec(const char *in, size_t ilen, char *out, size_t olen)
return -1;
}
if (olen < (((ilen + pad) / 4 * 3) - pad))
return -2;
while (ilen + pad) {
if (ilen) {
/* if (*p < UB64CMIN || *p > B64CMAX) */