diff options
Diffstat (limited to 'src/lib/libc')
| -rw-r--r-- | src/lib/libc/net/base64.c | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/src/lib/libc/net/base64.c b/src/lib/libc/net/base64.c index 78ef449a75..7c3d1d319f 100644 --- a/src/lib/libc/net/base64.c +++ b/src/lib/libc/net/base64.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: base64.c,v 1.6 2013/11/24 23:51:28 deraadt Exp $ */ | 1 | /* $OpenBSD: base64.c,v 1.7 2013/12/31 02:32:56 tedu Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 1996 by Internet Software Consortium. | 4 | * Copyright (c) 1996 by Internet Software Consortium. |
| @@ -194,6 +194,7 @@ b64_pton(src, target, targsize) | |||
| 194 | size_t targsize; | 194 | size_t targsize; |
| 195 | { | 195 | { |
| 196 | int tarindex, state, ch; | 196 | int tarindex, state, ch; |
| 197 | u_char nextbyte; | ||
| 197 | char *pos; | 198 | char *pos; |
| 198 | 199 | ||
| 199 | state = 0; | 200 | state = 0; |
| @@ -221,22 +222,28 @@ b64_pton(src, target, targsize) | |||
| 221 | break; | 222 | break; |
| 222 | case 1: | 223 | case 1: |
| 223 | if (target) { | 224 | if (target) { |
| 224 | if (tarindex + 1 >= targsize) | 225 | if (tarindex >= targsize) |
| 225 | return (-1); | 226 | return (-1); |
| 226 | target[tarindex] |= (pos - Base64) >> 4; | 227 | target[tarindex] |= (pos - Base64) >> 4; |
| 227 | target[tarindex+1] = ((pos - Base64) & 0x0f) | 228 | nextbyte = ((pos - Base64) & 0x0f) << 4; |
| 228 | << 4 ; | 229 | if (tarindex + 1 < targsize) |
| 230 | target[tarindex+1] = nextbyte; | ||
| 231 | else if (nextbyte) | ||
| 232 | return (-1); | ||
| 229 | } | 233 | } |
| 230 | tarindex++; | 234 | tarindex++; |
| 231 | state = 2; | 235 | state = 2; |
| 232 | break; | 236 | break; |
| 233 | case 2: | 237 | case 2: |
| 234 | if (target) { | 238 | if (target) { |
| 235 | if (tarindex + 1 >= targsize) | 239 | if (tarindex >= targsize) |
| 236 | return (-1); | 240 | return (-1); |
| 237 | target[tarindex] |= (pos - Base64) >> 2; | 241 | target[tarindex] |= (pos - Base64) >> 2; |
| 238 | target[tarindex+1] = ((pos - Base64) & 0x03) | 242 | nextbyte = ((pos - Base64) & 0x03) << 6; |
| 239 | << 6; | 243 | if (tarindex + 1 < targsize) |
| 244 | target[tarindex+1] = nextbyte; | ||
| 245 | else if (nextbyte) | ||
| 246 | return (-1); | ||
| 240 | } | 247 | } |
| 241 | tarindex++; | 248 | tarindex++; |
| 242 | state = 3; | 249 | state = 3; |
| @@ -292,7 +299,8 @@ b64_pton(src, target, targsize) | |||
| 292 | * zeros. If we don't check them, they become a | 299 | * zeros. If we don't check them, they become a |
| 293 | * subliminal channel. | 300 | * subliminal channel. |
| 294 | */ | 301 | */ |
| 295 | if (target && target[tarindex] != 0) | 302 | if (target && tarindex < targsize && |
| 303 | target[tarindex] != 0) | ||
| 296 | return (-1); | 304 | return (-1); |
| 297 | } | 305 | } |
| 298 | } else { | 306 | } else { |