On 6/23/22 5:12 PM, yla...@apache.org wrote:
> Author: ylavic
> Date: Thu Jun 23 15:12:47 2022
> New Revision: 1902206
>
> URL: http://svn.apache.org/viewvc?rev=1902206&view=rev
> Log:
> apr_base64: Make sure encoding/decoding lengths fit in an int >= 0.
>
> The (old) API of apr_base64 functions has always used int for representing
> lengths and it does not return errors. Make sure to abort() if the provided
> data don't fit.
>
> * encoding/apr_base64.c():
> #define APR_BASE64_ENCODE_MAX and APR_BASE64_DECODE_MAX as the hard length
> limits for encoding and decoding respectively.
>
> * encoding/apr_base64.c(apr_base64_encode_len, apr_base64_encode,
> apr_base64_encode_binary, apr_pbase64_encode):
> abort() if the given length is above APR_BASE64_ENCODE_MAX.
>
> * encoding/apr_base64.c(apr_base64_decode_len, apr_base64_decode,
> apr_base64_decode_binary, apr_pbase64_decode):
> abort() if the given plain buffer length is above APR_BASE64_DECODE_MAX.
>
>
> Modified:
> apr/apr/trunk/encoding/apr_base64.c
>
> Modified: apr/apr/trunk/encoding/apr_base64.c
> URL:
> http://svn.apache.org/viewvc/apr/apr/trunk/encoding/apr_base64.c?rev=1902206&r1=1902205&r2=1902206&view=diff
> ==============================================================================
> --- apr/apr/trunk/encoding/apr_base64.c (original)
> +++ apr/apr/trunk/encoding/apr_base64.c Thu Jun 23 15:12:47 2022
> @@ -20,11 +20,20 @@
> * ugly 'len' functions, which is quite a nasty cost.
> */
>
> +#undef NDEBUG /* always abort() on assert()ion failure */
> +#include <assert.h>
> +
> #include "apr_base64.h"
> #if APR_CHARSET_EBCDIC
> #include "apr_xlate.h"
> #endif /* APR_CHARSET_EBCDIC */
>
> +/* Above APR_BASE64_ENCODE_MAX length the encoding can't fit in an int >= 0
> */
> +#define APR_BASE64_ENCODE_MAX 1610612733
> +
> +/* Above APR_BASE64_DECODE_MAX length the decoding can't fit in an int >= 0
> */
> +#define APR_BASE64_DECODE_MAX 2863311524u
> +
Doesn't this depend on the storage size of int on the respective architecture
and thus
should be derived from INT_MAX?
> /* aaaack but it's fast and const should make it shared text page. */
> static const unsigned char pr2six[256] =
> {
> @@ -275,16 +284,17 @@ APR_DECLARE(int) apr_base64_encode_binar
> }
>
> *p++ = '\0';
> - return (int)(p - encoded);
> + return (unsigned int)(p - encoded);
> }
>
> APR_DECLARE(char *) apr_pbase64_encode(apr_pool_t *p, const char *string)
> {
> char *encoded;
> - int l = strlen(string);
> + apr_size_t len = strlen(string);
>
> - encoded = (char *) apr_palloc(p, apr_base64_encode_len(l));
> - apr_base64_encode(encoded, string, l);
> + assert(len <= (apr_size_t)APR_INT32_MAX);
Shouldn't this be INT_MAX or APR_BASE64_ENCODE_MAX?
> + encoded = (char *) apr_palloc(p, apr_base64_encode_len((int)len));
> + apr_base64_encode(encoded, string, (int)len);
>
> return encoded;
> }
>
>
>
Regards
RĂ¼diger
