This is an automated email from the ASF dual-hosted git repository. ccollins pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mynewt-core.git
commit fa773361fd420e6437e387a13f6ac58151e02bed Author: Christopher Collins <ccoll...@apache.org> AuthorDate: Sat Jun 13 10:47:08 2020 -0700 base64: Fail on incomplete input The code was relying on strchr to detect a misplaced null terminator. However, from `man strchr`: The terminating null byte is considered part of the string, so that if c is specified as '\0', these functions return a pointer to the terminator. The fix is to check for a null character separately. --- encoding/base64/src/base64.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/encoding/base64/src/base64.c b/encoding/base64/src/base64.c index 30fb079..d36d4f0 100644 --- a/encoding/base64/src/base64.c +++ b/encoding/base64/src/base64.c @@ -231,6 +231,10 @@ base64_decoder_go(struct base64_decoder *dec) /* Detect invalid input. */ for (i = 0; i < read_len; i++) { sval = dec->src[src_off + i]; + if (sval == '\0') { + /* Incomplete input. */ + return -1; + } if (sval != '=' && strchr(base64_chars, sval) == NULL) { /* Invalid base64 character. */ return -1;