forgot to mention - (it was too late in the evening yesterday) - this was
found in 
openssl-0.9.5a, file crypto/evp/bio_b64.c, function static int b64_write(BIO
*b, char *in, int inl)

Today I prepared a build of OpenSSL with my changes and tested it. Seems to
work fine. The changes are marked with *** in the snippet below

At the end of the message you'll find a description of how the proposed fix
was tested

=================================

--------------------------
original code
--------------------------
                if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
                        {
                        if (ctx->tmp_len > 0)
                                {
                                n=3-ctx->tmp_len;
                                memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
                                ctx->tmp_len+=n;
                                n=ctx->tmp_len;
                                if (n < 3)
                                        break;
                                ctx->buf_len=EVP_EncodeBlock(
                                        (unsigned char *)ctx->buf,
                                        (unsigned char *)ctx->tmp,n);
                                }

------------------------------
new code:
------------------------------

                if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
                        {
                        if (ctx->tmp_len > 0)
                                {
                                n=3-ctx->tmp_len;
                                memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
                                ctx->tmp_len+=n;
                                /* n=ctx->tmp_len; removed statement *** */
                                /* if (n < 3)
***
                                        break;         removed statement ***
*/

                                /* you could do (ctx->tmp_len < 3 ) check
instead of the removed one here */

                                ctx->buf_len=EVP_EncodeBlock(
                                        (unsigned char *)ctx->buf,
                                        (unsigned char *)ctx->tmp, /* n
replaecd parameter *** */ ctx->tmp_len );
                    
                                ctx->tmp_len=0; /* added statement  *** */
                                }
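Review bot: The `memcpy` into `ctx->tmp` copies `n = 3 - ctx->tmp_len` bytes from `in` without comparing `n` to `inl`, in both the original and the new snippet, so a write shorter than the bytes needed to complete the triple reads past the caller's buffer. Clamp it before the copy with `if (n > inl) n = inl;`. With that clamp `tmp_len` can legitimately stay below 3, so the partial-block test should be kept as `if (ctx->tmp_len < 3) break;` rather than removed, as the author's own comment already hints. `n` is also non-negative only while `tmp_len` never exceeds 3, which is worth asserting before the subtraction. The rest of b64_write lies outside the snippet, so whether `in` and `inl` are advanced by the bytes consumed here cannot be checked from this message.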

=================================


Test description: enc_base64 and dec_base64 each create a mem BIO with a
base64 filter BIO attached.
The dec_base64 mem BIO returns 0 on EOF (BIO_set_mem_eof_return(b,0) was set).
The base64 filter BIOs have the BIO_FLAGS_BASE64_NO_NL flag set with
BIO_set_flags ( b64, BIO_FLAGS_BASE64_NO_NL);

On every iteration of the loop, the length of the string that is encoded and
decoded increases by 1 until it reaches
the original length of the array. The original string is encoded, then the
encoded result is decoded and compared with the original.

As a result somewhere around 1800 iterations were done and it worked fine.

==================
/*
 * Round-trip test sketch: for each prefix length j of the test text, encode
 * it with enc_base64, decode the result with dec_base64 and compare the
 * decoded string with the prefix.  Consecutive lengths cover every input
 * length modulo 3.
 * NOTE(review): whether the patched tmp_len > 0 branch of b64_write is
 * reached depends on how enc_base64 splits its BIO writes, which this
 * snippet does not show; a single write per string may never leave a
 * partial triple pending - confirm.
 */
{
   char array[]=<array containing about 2 KBytes containing some test
phrases>

    /* Starts at j = 1, so the empty string is not covered. */
    for( int j = 1; j < array_len; j++)
    {
        /* Temporarily cut the string to j characters; restored below. */
        c = array[j];
        array[j]='\0';

        /* NOTE(review): `ain` is not declared in this snippet; presumably it
           points at `array` - confirm. */
        cb = enc_base64( ain, &outenc);
    
        /* The previous cb is overwritten; neither return value is checked. */
        cb = dec_base64( outenc, &outdec);

        /* strcmp needs outdec to be non-NULL and NUL-terminated; outdec is
           only tested for NULL further down, after it has been used here
           - TODO confirm dec_base64 guarantees both. */
        if( strcmp( array, outdec) != 0)
            _ASSERT(0);

        /* Put back the character that was replaced by the terminator. */
        array[j]=c;

        /* Release the per-iteration buffers. */
        if( outenc) 
            Free( outenc);
    
        if( outdec) 
            Free( outdec);
    }
}