Andrew Geissler | 32b1199 | 2021-03-31 13:37:05 -0500 | [diff] [blame] | 1 | From 7b30fbc3d47dfaf38d8ce8b8949a69d2984dac76 Mon Sep 17 00:00:00 2001 |
| 2 | From: Khem Raj <raj.khem@gmail.com> |
| 3 | Date: Sat, 27 Mar 2021 22:06:03 -0700 |
| 4 | Subject: [PATCH] fix integer overflows |
| 5 | |
| 6 | Author: Jakub Wilk <jwilk@debian.org> |
| 7 | Bug: http://sourceforge.net/tracker/?func=detail&aid=3591129&group_id=152942&atid=785907 |
| 8 | |
| 9 | Upstream-Status: Pending |
| 10 | Signed-off-by: Khem Raj <raj.khem@gmail.com> |
| 11 | --- |
| 12 | src/cdecode.c | 15 ++++++++------- |
| 13 | 1 file changed, 8 insertions(+), 7 deletions(-) |
| 14 | |
| 15 | diff --git a/src/cdecode.c b/src/cdecode.c |
| 16 | index a6c0a42..4e47e9f 100644 |
| 17 | --- a/src/cdecode.c |
| 18 | +++ b/src/cdecode.c |
| 19 | @@ -9,10 +9,11 @@ For details, see http://sourceforge.net/projects/libb64 |
| 20 | |
| 21 | int base64_decode_value(char value_in) |
| 22 | { |
| 23 | - static const char decoding[] = {62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-2,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51}; |
| 24 | + static const signed char decoding[] = {62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-2,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51}; |
| 25 | static const char decoding_size = sizeof(decoding); |
| 26 | + if (value_in < 43) return -1; |
| 27 | value_in -= 43; |
| 28 | - if (value_in < 0 || value_in >= decoding_size) return -1; |
| 29 | + if (value_in > decoding_size) return -1; |
| 30 | return decoding[(int)value_in]; |
| 31 | } |
| 32 | |
| 33 | @@ -26,7 +27,7 @@ int base64_decode_block(const char* code_in, const int length_in, char* plaintex |
| 34 | { |
| 35 | const char* codechar = code_in; |
| 36 | char* plainchar = plaintext_out; |
| 37 | - char fragment; |
| 38 | + int fragment; |
| 39 | |
| 40 | *plainchar = state_in->plainchar; |
| 41 | |
| 42 | @@ -42,7 +43,7 @@ int base64_decode_block(const char* code_in, const int length_in, char* plaintex |
| 43 | state_in->plainchar = *plainchar; |
| 44 | return plainchar - plaintext_out; |
| 45 | } |
| 46 | - fragment = (char)base64_decode_value(*codechar++); |
| 47 | + fragment = base64_decode_value(*codechar++); |
| 48 | } while (fragment < 0); |
| 49 | *plainchar = (fragment & 0x03f) << 2; |
| 50 | case step_b: |
| 51 | @@ -53,7 +54,7 @@ int base64_decode_block(const char* code_in, const int length_in, char* plaintex |
| 52 | state_in->plainchar = *plainchar; |
| 53 | return plainchar - plaintext_out; |
| 54 | } |
| 55 | - fragment = (char)base64_decode_value(*codechar++); |
| 56 | + fragment = base64_decode_value(*codechar++); |
| 57 | } while (fragment < 0); |
| 58 | *plainchar++ |= (fragment & 0x030) >> 4; |
| 59 | *plainchar = (fragment & 0x00f) << 4; |
| 60 | @@ -65,7 +66,7 @@ int base64_decode_block(const char* code_in, const int length_in, char* plaintex |
| 61 | state_in->plainchar = *plainchar; |
| 62 | return plainchar - plaintext_out; |
| 63 | } |
| 64 | - fragment = (char)base64_decode_value(*codechar++); |
| 65 | + fragment = base64_decode_value(*codechar++); |
| 66 | } while (fragment < 0); |
| 67 | *plainchar++ |= (fragment & 0x03c) >> 2; |
| 68 | *plainchar = (fragment & 0x003) << 6; |
| 69 | @@ -77,7 +78,7 @@ int base64_decode_block(const char* code_in, const int length_in, char* plaintex |
| 70 | state_in->plainchar = *plainchar; |
| 71 | return plainchar - plaintext_out; |
| 72 | } |
| 73 | - fragment = (char)base64_decode_value(*codechar++); |
| 74 | + fragment = base64_decode_value(*codechar++); |
| 75 | } while (fragment < 0); |
| 76 | *plainchar++ |= (fragment & 0x03f); |
| 77 | } |