Module Name:    src
Committed By:   mrg
Date:           Fri Dec 26 19:48:52 UTC 2014

Modified Files:
        src/libexec/httpd: auth-bozo.c

Log Message:
properly handle ilen = 0 case, which could lead to array underflow.
pointed out by Maxime Villard.


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/libexec/httpd/auth-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/auth-bozo.c
diff -u src/libexec/httpd/auth-bozo.c:1.14 src/libexec/httpd/auth-bozo.c:1.15
--- src/libexec/httpd/auth-bozo.c:1.14	Fri Nov 21 08:58:28 2014
+++ src/libexec/httpd/auth-bozo.c	Fri Dec 26 19:48:52 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth-bozo.c,v 1.14 2014/11/21 08:58:28 shm Exp $	*/
+/*	$NetBSD: auth-bozo.c,v 1.15 2014/12/26 19:48:52 mrg Exp $	*/
 
 /*	$eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -238,6 +238,12 @@ base64_decode(const unsigned char *in, s
 	unsigned char *cp;
 	size_t	 i;
 
+	if (ilen == 0) {
+		if (olen)
+			*out = '\0';
+		return 0;
+	}
+
 	cp = out;
 	for (i = 0; i < ilen; i += 4) {
 		if (cp + 3 > out + olen)
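Review bot: the new `ilen == 0` early return at the top of base64_decode() has no comment saying which later access it protects. The log message mentions an array underflow, but the indexing that underflows is not in this hunk, so a one-line comment above the check naming that access would keep the guard from being removed as dead code later. The guard also covers only the exact-zero case. The loop below it advances `i` by 4 and the visible bound check is on the output side only (`cp + 3 > out + olen`), so it is worth confirming in the same change that an `ilen` of 1 to 3, or any length that is not a multiple of 4, cannot index outside `in`. Writing the terminator only when `olen` is non-zero looks right for a caller that passes an empty output buffer.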
