This is an automated email from the ASF dual-hosted git repository.

ccollins pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-core.git

commit f1ce7cb5f55dfd78d91e850193e548b3d271eb13
Author: Christopher Collins <ccoll...@apache.org>
AuthorDate: Fri Jun 12 23:10:59 2020 -0700

    base64: fix buffer overrun
    
    The `token_decode()` function accepts a string, but the caller was only
    passing it a byte array without a null terminator.
    
    The fix is to change `token_decode()` so that it accepts a second `len`
    argument.  The first argument is now considered a byte array, not a
    string.
---
 encoding/base64/src/base64.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/encoding/base64/src/base64.c b/encoding/base64/src/base64.c
index 60a90cb..30fb079 100644
--- a/encoding/base64/src/base64.c
+++ b/encoding/base64/src/base64.c
@@ -126,12 +126,12 @@ base64_pad(char *buf, int len)
 #define DECODE_ERROR -1
 
 static unsigned int
-token_decode(const char *token)
+token_decode(const char *token, int len)
 {
     int i;
     unsigned int val = 0;
     int marker = 0;
-    if (strlen(token) < 4)
+    if (len < 4)
         return DECODE_ERROR;
     for (i = 0; i < 4; i++) {
         val *= 64;
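Review bot: Nothing in the code records that `token` is no longer a NUL-terminated string, so a later edit could reintroduce `strlen()` or another string function on it and bring back the over-read this commit fixes. I would add a comment above `token_decode`, for example `/* token is a byte array of len bytes, not NUL-terminated; only the first 4 bytes are read. */`. The function body continues past the end of the hunk, so whether the loop really touches only `token[0..3]` should be confirmed there before the comment is committed.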
@@ -248,7 +248,7 @@ base64_decoder_go(struct base64_decoder *dec)
 
         /* Copy full token into buf and decode it. */
         memcpy(&dec->buf[dec->buf_len], &dec->src[src_off], read_len);
-        val = token_decode(dec->buf);
+        val = token_decode(dec->buf, read_len);
         if (val == DECODE_ERROR) {
             return -1;
         }
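Review bot: The length passed to `token_decode()` is the number of bytes just copied, not the number of bytes now held in `dec->buf`. The `memcpy` writes at offset `dec->buf_len`, so when that offset is non-zero (a partial token carried over from an earlier call, which the offset suggests is possible) `read_len` is below 4 and the new `len < 4` check rejects a token that is in fact complete. Passing the filled length keeps the bounds check meaningful without that regression: `val = token_decode(dec->buf, dec->buf_len + read_len);`. How `read_len` and `dec->buf_len` are computed lies outside the hunk, so this should be checked against the rest of `base64_decoder_go`.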
