summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Nikias Bassen2016-12-14 02:32:47 +0100
committerGravatar Nikias Bassen2016-12-14 02:32:47 +0100
commitae8b7a0f1a5cf569f52f35fc1f113d0c4f354f6e (patch)
tree786305d69ec6a23442adbce187d826eb14848c02
parent5e8fb617b8f7857693e7b41f56eaa6767ed6a54d (diff)
downloadlibplist-ae8b7a0f1a5cf569f52f35fc1f113d0c4f354f6e.tar.gz
libplist-ae8b7a0f1a5cf569f52f35fc1f113d0c4f354f6e.tar.bz2
base64: Prevent use of strlen() in base64decode when input buffer size is known
-rw-r--r--src/base64.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/src/base64.c b/src/base64.c
index 1595bd0..7870a79 100644
--- a/src/base64.c
+++ b/src/base64.c
@@ -105,22 +105,23 @@ static int base64decode_block(unsigned char *target, const char *data, size_t da
unsigned char *base64decode(const char *buf, size_t *size)
{
- if (!buf) return NULL;
- size_t len = strlen(buf);
+ if (!buf || !size) return NULL;
+ size_t len = (*size > 0) ? *size : strlen(buf);
if (len <= 0) return NULL;
unsigned char *outbuf = (unsigned char*)malloc((len/4)*3+3);
const char *ptr = buf;
int p = 0;
+ size_t l = 0;
do {
ptr += strspn(ptr, "\r\n\t ");
- if (*ptr == '\0') {
+ if (*ptr == '\0' || ptr >= buf+len) {
break;
}
- len = strcspn(ptr, "\r\n\t ");
- if (len > 3) {
- p+=base64decode_block(outbuf+p, ptr, len);
- ptr += len;
+ l = strcspn(ptr, "\r\n\t ");
+ if (l > 3 && ptr+l <= buf+len) {
+ p+=base64decode_block(outbuf+p, ptr, l);
+ ptr += l;
} else {
break;
}