don't try writing past the end unless we have to

ok gilles millert
author: tedu <> 2013-12-31 02:32:56 +0000
committer: tedu <> 2013-12-31 02:32:56 +0000
commit: eb4db0ab616f0dfed0cc0ed08be18d66e257f583 (patch)
tree: 73762b3e48ee72aa6966cbc8631cdef601cf220e /src/lib
parent: 382438d17af9b7ccce3e4d3890cc9b1785f14d71 (diff)
download: openbsd-eb4db0ab616f0dfed0cc0ed08be18d66e257f583.tar.gz
openbsd-eb4db0ab616f0dfed0cc0ed08be18d66e257f583.tar.bz2
openbsd-eb4db0ab616f0dfed0cc0ed08be18d66e257f583.zip
1 files changed, 16 insertions, 8 deletions
diff --git a/src/lib/libc/net/base64.c b/src/lib/libc/net/base64.c
index 78ef449a75..7c3d1d319f 100644
--- a/src/lib/libc/net/base64.c
+++ b/src/lib/libc/net/base64.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: base64.c,v 1.6 2013/11/24 23:51:28 deraadt Exp $      */
+/*      $OpenBSD: base64.c,v 1.7 2013/12/31 02:32:56 tedu Exp $ */
 /*
 * Copyright (c) 1996 by Internet Software Consortium.
@@ -194,6 +194,7 @@ b64_pton(src, target, targsize)
        size_t targsize;
 {
        int tarindex, state, ch;
+        u_char nextbyte;
        char *pos;
        state = 0;
@@ -221,22 +222,28 @@ b64_pton(src, target, targsize)
                        break;
                case 1:
                        if (target) {
-                                if (tarindex + 1 >= targsize)
+                                if (tarindex >= targsize)
                                        return (-1);
                                target[tarindex]   |=  (pos - Base64) >> 4;
-                                target[tarindex+1]  = ((pos - Base64) & 0x0f)
+                                nextbyte = ((pos - Base64) & 0x0f) << 4;
-                                                        << 4 ;
+                                if (tarindex + 1 < targsize)
+                                        target[tarindex+1] = nextbyte;
+                                else if (nextbyte)
+                                        return (-1);
                        }
                        tarindex++;
                        state = 2;
                        break;
                case 2:
                        if (target) {
-                                if (tarindex + 1 >= targsize)
+                                if (tarindex >= targsize)
                                        return (-1);
                                target[tarindex]   |=  (pos - Base64) >> 2;
-                                target[tarindex+1]  = ((pos - Base64) & 0x03)
+                                nextbyte = ((pos - Base64) & 0x03) << 6;
-                                                        << 6;
+                                if (tarindex + 1 < targsize)
+                                        target[tarindex+1] = nextbyte;
+                                else if (nextbyte)
+                                        return (-1);
                        }
                        tarindex++;
                        state = 3;
@@ -292,7 +299,8 @@ b64_pton(src, target, targsize)
                         * zeros.  If we don't check them, they become a
                         * subliminal channel.
                         */
-                        if (target && target[tarindex] != 0)
+                        if (target && tarindex < targsize &&
+                            target[tarindex] != 0)
                                return (-1);
                }
        } else {
author	tedu <>	2013-12-31 02:32:56 +0000
committer	tedu <>	2013-12-31 02:32:56 +0000
commit	eb4db0ab616f0dfed0cc0ed08be18d66e257f583 (patch)
tree	73762b3e48ee72aa6966cbc8631cdef601cf220e /src/lib
parent	382438d17af9b7ccce3e4d3890cc9b1785f14d71 (diff)
download	openbsd-eb4db0ab616f0dfed0cc0ed08be18d66e257f583.tar.gz openbsd-eb4db0ab616f0dfed0cc0ed08be18d66e257f583.tar.bz2 openbsd-eb4db0ab616f0dfed0cc0ed08be18d66e257f583.zip