chunk: Correctly parse Base64 text where four = follow in a row

That's not correct Base64 but invalid data could trigger this. Since
outlen would get reduced four times, but is only ever increased three
times per iteration, this could result in an integer underflow and then
a potential buffer overflow.
Tobias Brunner 2017-05-04 16:16:33 +02:00
parent f5aef3a020
commit aed77b0961


@ -643,7 +643,7 @@ chunk_t chunk_from_base64(chunk_t base64, char *buf)
outlen += 3;
for (j = 0; j < 4; j++)
{
if (*pos == '=')
if (*pos == '=' && outlen > 0)
{
outlen--;
}
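Review bot: the `outlen > 0` guard on the `if (*pos == '=' ...)` line stops the counter from wrapping, but a group of four `=` is still accepted and still miscounted whenever earlier groups have already contributed output. After `outlen += 3`, four decrements leave `outlen` one lower than it was before the group, so the returned length silently loses a byte that belonged to a previous group. Consider counting the `=` seen inside the `for (j = 0; j < 4; j++)` loop and either capping the decrements at three per group or treating more than two `=` in a group as invalid input and stopping there. A regression test with a lone `====` and with valid data followed by `====` would pin down the intended behaviour for both cases.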