Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / 497a421571ce561308d0501e73cb2c8128296fa7 / . / meta-openembedded / meta-oe / recipes-support / libb64 / libb64 / 0003-fix-integer-overflows.patch
blob: 8854bb6af414242be8e329e228814758fbea6e63 [file] [log] [blame]
Andrew Geissler32b11992021-03-31 13:37:05 -0500[diff] [blame]1From 7b30fbc3d47dfaf38d8ce8b8949a69d2984dac76 Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Sat, 27 Mar 2021 22:06:03 -0700
4Subject: [PATCH] fix integer overflows
5
6Author: Jakub Wilk <jwilk@debian.org>
7Bug: http://sourceforge.net/tracker/?func=detail&aid=3591129&group_id=152942&atid=785907
8
9Upstream-Status: Pending
10Signed-off-by: Khem Raj <raj.khem@gmail.com>
11---
12 src/cdecode.c | 15 ++++++++-------
13 1 file changed, 8 insertions(+), 7 deletions(-)
14
15diff --git a/src/cdecode.c b/src/cdecode.c
16index a6c0a42..4e47e9f 100644
17--- a/src/cdecode.c
18+++ b/src/cdecode.c
19@@ -9,10 +9,11 @@ For details, see http://sourceforge.net/projects/libb64
20
21 int base64_decode_value(char value_in)
22 {
23- static const char decoding[] = {62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-2,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51};
24+ static const signed char decoding[] = {62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-2,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51};
25 static const char decoding_size = sizeof(decoding);
26+ if (value_in < 43) return -1;
27 value_in -= 43;
28- if (value_in < 0 || value_in >= decoding_size) return -1;
29+ if (value_in > decoding_size) return -1;
30 return decoding[(int)value_in];
31 }
32
33@@ -26,7 +27,7 @@ int base64_decode_block(const char* code_in, const int length_in, char* plaintex
34 {
35 const char* codechar = code_in;
36 char* plainchar = plaintext_out;
37- char fragment;
38+ int fragment;
39
40 *plainchar = state_in->plainchar;
41
42@@ -42,7 +43,7 @@ int base64_decode_block(const char* code_in, const int length_in, char* plaintex
43 state_in->plainchar = *plainchar;
44 return plainchar - plaintext_out;
45 }
46- fragment = (char)base64_decode_value(*codechar++);
47+ fragment = base64_decode_value(*codechar++);
48 } while (fragment < 0);
49 *plainchar = (fragment & 0x03f) << 2;
50 case step_b:
51@@ -53,7 +54,7 @@ int base64_decode_block(const char* code_in, const int length_in, char* plaintex
52 state_in->plainchar = *plainchar;
53 return plainchar - plaintext_out;
54 }
55- fragment = (char)base64_decode_value(*codechar++);
56+ fragment = base64_decode_value(*codechar++);
57 } while (fragment < 0);
58 *plainchar++ |= (fragment & 0x030) >> 4;
59 *plainchar = (fragment & 0x00f) << 4;
60@@ -65,7 +66,7 @@ int base64_decode_block(const char* code_in, const int length_in, char* plaintex
61 state_in->plainchar = *plainchar;
62 return plainchar - plaintext_out;
63 }
64- fragment = (char)base64_decode_value(*codechar++);
65+ fragment = base64_decode_value(*codechar++);
66 } while (fragment < 0);
67 *plainchar++ |= (fragment & 0x03c) >> 2;
68 *plainchar = (fragment & 0x003) << 6;
69@@ -77,7 +78,7 @@ int base64_decode_block(const char* code_in, const int length_in, char* plaintex
70 state_in->plainchar = *plainchar;
71 return plainchar - plaintext_out;
72 }
73- fragment = (char)base64_decode_value(*codechar++);
74+ fragment = base64_decode_value(*codechar++);
75 } while (fragment < 0);
76 *plainchar++ |= (fragment & 0x03f);
77 }