Add out of bounds check in base64Decode
Use size_t type and check for out of bounds when indexing
into static const decodingData.
Tested:
Build with change and BMC web run as before.
Signed-off-by: Zhikui Ren <zhikui.ren@intel.com>
Change-Id: Ib891d36f79f80b579423b40da493ae6749db5a54
diff --git a/http/utility.h b/http/utility.h
index 8254091..a8bb5e1 100644
--- a/http/utility.h
+++ b/http/utility.h
@@ -632,7 +632,7 @@
{
static const char nop = static_cast<char>(-1);
// See note on encoding_data[] in above function
- static const char decodingData[] = {
+ static const std::array<char, 256> decodingData = {
nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
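Review bot: Fixing the size in `std::array<char, 256>` means a short initializer list is silently zero-filled at the tail, and 0 is a valid decoded sextet rather than `nop`, so a byte that maps to a missing entry would be accepted as base64. The initializer continues past this hunk, so the element count cannot be confirmed here; it is worth verifying that exactly 256 entries are listed. A comment above the table such as `// must list all 256 entries: omitted ones become 0, a valid sextet, not nop` would record the constraint. The change also relies on `<array>` being included in http/utility.h, which this diff does not show.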
@@ -662,7 +662,6 @@
// for each 4-bytes sequence from the input, extract 4 6-bits sequences by
// dropping first two bits
// and regenerate into 3 8-bits sequences
-
for (size_t i = 0; i < inputLength; i++)
{
char base64code0;
@@ -670,7 +669,14 @@
char base64code2 = 0; // initialized to 0 to suppress warnings
char base64code3;
- base64code0 = decodingData[static_cast<int>(input[i])]; // NOLINT
+ size_t index = static_cast<size_t>(input[i]);
+ if (index > decodingData.size())
+ {
+ // index out of bound
+ return false;
+ }
+
+ base64code0 = decodingData[index]; // NOLINT
if (base64code0 == nop)
{ // non base64 character
return false;
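Review bot: The bound in `if (index > decodingData.size())` is off by one: an index equal to `size()` passes the check and would read one element past the table, so it should be `if (index >= decodingData.size())`. The same comparison is repeated before the `base64code2` and `base64code3` lookups in the later hunks. With an 8-bit `char` the value 256 is not reachable, so the error is latent, but the check should state the real bound. Assuming `input[i]` is a `char`, on a signed-`char` platform `static_cast<size_t>(input[i])` sign-extends bytes 0x80–0xFF to very large values; `size_t index = static_cast<unsigned char>(input[i]);` keeps every byte in 0–255 and lets the table's `nop` entries reject them. The loop body starts and ends outside this hunk.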
@@ -680,7 +686,7 @@
// byte output
return false;
}
- base64code1 = decodingData[static_cast<int>(input[i])]; // NOLINT
+ base64code1 = decodingData[index]; // NOLINT
if (base64code1 == nop)
{ // non base64 character
return false;
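Review bot: `base64code1 = decodingData[index];` reuses the `index` computed for `base64code0` instead of deriving it from the current `input[i]`. The lines that advance `i` are not shown in this hunk, but the removed line re-read `input[i]` and the `base64code2`/`base64code3` hunks both recompute `index`, so `i` has presumably moved on; in that case the first character is decoded twice and the second never, and any input whose first two characters differ decodes to wrong bytes. Add `index = static_cast<size_t>(input[i]);` followed by the same bounds check before this lookup, as the later hunks do. A unit test that decodes a known vector and compares the output would catch this; the commit message reports only a build and a run.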
@@ -695,7 +701,15 @@
{ // padding , end of input
return (base64code1 & 0x0f) == 0;
}
- base64code2 = decodingData[static_cast<int>(input[i])]; // NOLINT
+
+ index = static_cast<size_t>(input[i]);
+ if (index > decodingData.size())
+ {
+ // index out of bound
+ return false;
+ }
+
+ base64code2 = decodingData[index]; // NOLINT
if (base64code2 == nop)
{ // non base64 character
return false;
@@ -711,7 +725,15 @@
{ // padding , end of input
return (base64code2 & 0x03) == 0;
}
- base64code3 = decodingData[static_cast<int>(input[i])]; // NOLINT
+
+ index = static_cast<size_t>(input[i]);
+ if (index > decodingData.size())
+ {
+ // index out of bound
+ return false;
+ }
+
+ base64code3 = decodingData[index]; // NOLINT
if (base64code3 == nop)
{ // non base64 character
return false;