This is an automated email from the ASF dual-hosted git repository.
ccollins pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-core.git
commit fa773361fd420e6437e387a13f6ac58151e02bed
Author: Christopher Collins <ccoll...@apache.org>
AuthorDate: Sat Jun 13 10:47:08 2020 -0700
base64: Fail on incomplete input
The code was relying on strchr to detect a misplaced null terminator.
However, from `man strchr`:
The terminating null byte is considered part of the string, so that
if c is specified as '\0', these functions return a pointer to the
terminator.
The fix is to check for a null character separately.
---
encoding/base64/src/base64.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/encoding/base64/src/base64.c b/encoding/base64/src/base64.c
index 30fb079..d36d4f0 100644
--- a/encoding/base64/src/base64.c
+++ b/encoding/base64/src/base64.c
@@ -231,6 +231,10 @@ base64_decoder_go(struct base64_decoder *dec)
/* Detect invalid input. */
for (i = 0; i < read_len; i++) {
sval = dec->src[src_off + i];
+ if (sval == '\0') {
+ /* Incomplete input. */
+ return -1;
+ }
if (sval != '=' && strchr(base64_chars, sval) == NULL) {
/* Invalid base64 character. */
return -1;
