This is an automated email from the ASF dual-hosted git repository. ccollins pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mynewt-core.git
commit f1ce7cb5f55dfd78d91e850193e548b3d271eb13
Author: Christopher Collins <ccoll...@apache.org>
AuthorDate: Fri Jun 12 23:10:59 2020 -0700
base64: fix buffer overrun The `token_decode()` function accepts a string, but the caller was only passing it a byte array without a null terminator. The fix is to change `token_decode()` so that it accepts a second `len` argument. The first argument is now considered a byte array, not a string.
---
 encoding/base64/src/base64.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/encoding/base64/src/base64.c b/encoding/base64/src/base64.c
index 60a90cb..30fb079 100644
--- a/encoding/base64/src/base64.c
+++ b/encoding/base64/src/base64.c
@@ -126,12 +126,12 @@ base64_pad(char *buf, int len)
 #define DECODE_ERROR -1
 static unsigned int
-token_decode(const char *token)
+token_decode(const char *token, int len)
 {
 int i;
 unsigned int val = 0;
 int marker = 0;
- if (strlen(token) < 4)
+ if (len < 4)
 return DECODE_ERROR;
 for (i = 0; i < 4; i++) {
 val *= 64;
@@ -248,7 +248,7 @@ base64_decoder_go(struct base64_decoder *dec)
 /* Copy full token into buf and decode it. */
 memcpy(&dec->buf[dec->buf_len], &dec->src[src_off], read_len);
- val = token_decode(dec->buf);
+ val = token_decode(dec->buf, read_len);
 if (val == DECODE_ERROR) {
 return -1;
 }
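Review bot: The new contract of `token_decode` is not written down at its definition: nothing there says that `token` is a byte array that need not be NUL-terminated, or that `len` is the count of valid bytes. The overrun fixed here came from exactly that mismatch between caller and callee, so I would add above the definition `/* Decode one 4-byte base64 token. token need not be NUL-terminated; len is the number of valid bytes at token and must be at least 4. */`. The function body continues past the end of the hunk, so whether the loop reads only the first four bytes cannot be confirmed from here.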
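Review bot: In `base64_decoder_go` the length handed to `token_decode` is `read_len`, but the `memcpy` just above writes at `&dec->buf[dec->buf_len]`, so the token in `dec->buf` holds `dec->buf_len + read_len` valid bytes. If `dec->buf_len` can be non-zero at this point (a partial token carried over from an earlier call; the code that sets `read_len` is outside the hunk), `read_len` is below 4 and a complete, valid token is rejected with `DECODE_ERROR`. Passing the number of bytes actually present keeps the bound accurate in both cases: `val = token_decode(dec->buf, dec->buf_len + read_len);`.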