diff options
author | Nikias Bassen | 2016-12-14 02:32:47 +0100 |
---|---|---|
committer | Nikias Bassen | 2016-12-14 02:32:47 +0100 |
commit | ae8b7a0f1a5cf569f52f35fc1f113d0c4f354f6e (patch) | |
tree | 786305d69ec6a23442adbce187d826eb14848c02 | |
parent | 5e8fb617b8f7857693e7b41f56eaa6767ed6a54d (diff) | |
download | libplist-ae8b7a0f1a5cf569f52f35fc1f113d0c4f354f6e.tar.gz libplist-ae8b7a0f1a5cf569f52f35fc1f113d0c4f354f6e.tar.bz2 |
base64: Prevent use of strlen() in base64decode when input buffer size is known
-rw-r--r-- | src/base64.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/src/base64.c b/src/base64.c index 1595bd0..7870a79 100644 --- a/src/base64.c +++ b/src/base64.c @@ -105,22 +105,23 @@ static int base64decode_block(unsigned char *target, const char *data, size_t da unsigned char *base64decode(const char *buf, size_t *size) { - if (!buf) return NULL; - size_t len = strlen(buf); + if (!buf || !size) return NULL; + size_t len = (*size > 0) ? *size : strlen(buf); if (len <= 0) return NULL; unsigned char *outbuf = (unsigned char*)malloc((len/4)*3+3); const char *ptr = buf; int p = 0; + size_t l = 0; do { ptr += strspn(ptr, "\r\n\t "); - if (*ptr == '\0') { + if (*ptr == '\0' || ptr >= buf+len) { break; } - len = strcspn(ptr, "\r\n\t "); - if (len > 3) { - p+=base64decode_block(outbuf+p, ptr, len); - ptr += len; + l = strcspn(ptr, "\r\n\t "); + if (l > 3 && ptr+l <= buf+len) { + p+=base64decode_block(outbuf+p, ptr, l); + ptr += l; } else { break; } |