From 4c131a4b3083eebf53023e9d7399c7e33db2fc4d Mon Sep 17 00:00:00 2001 From: Shivani Bhardwaj Date: Wed, 24 Apr 2024 12:47:34 +0530 Subject: [PATCH] util/mime: check invalidity after final b64 block Since there is code in place that skips over invalid base64 characters and creates a new array out of the remainder vector, all test must be made after that final array has been created and against the variable that holds the actual length of the final array. --- src/util-decode-mime.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/util-decode-mime.c b/src/util-decode-mime.c index f58a701b01..4b9cd23f34 100644 --- a/src/util-decode-mime.c +++ b/src/util-decode-mime.c @@ -1176,13 +1176,6 @@ static uint32_t ProcessBase64Remainder( SCLogDebug("len %u force %d", len, force); - /* should be impossible, but lets be defensive */ - DEBUG_VALIDATE_BUG_ON(state->bvr_len > B64_BLOCK); - if (state->bvr_len > B64_BLOCK) { - state->bvr_len = 0; - return 0; - } - /* Strip spaces in remainder */ for (uint8_t i = 0; i < state->bvr_len; i++) { if (IsBase64Alphabet(state->bvremain[i])) { @@ -1193,6 +1186,13 @@ static uint32_t ProcessBase64Remainder( } } + /* should be impossible, but lets be defensive */ + DEBUG_VALIDATE_BUG_ON(cnt > B64_BLOCK); + if (cnt > B64_BLOCK) { + state->bvr_len = 0; + return 0; + } + /* if we don't have 4 bytes see if we can fill it from `buf` */ if (buf && len > 0 && cnt != B64_BLOCK) { for (uint32_t i = 0; i < len && cnt < B64_BLOCK; i++) {