util/base64: fix buffer overflow

Ticket: 6902 In case the caller of DecodeBase64 does not supply a big enough output buffer.
2 years ago · fd47e67dc6
parent d226d0a3fc
commit fd47e67dc6
1 changed files with 5 additions and 1 deletions
--- a/src/util-base64.c
+++ b/src/util-base64.c
@ -156,6 +156,8 @@ Base64Ecode DecodeBase64(uint8_t *dest, uint32_t dest_size, const uint8_t *src,
                ecode = BASE64_ECODE_BUF;
                break;
            }
+            if (dest_size - *decoded_bytes < ASCII_BLOCK)
+                return BASE64_ECODE_BUF;

            /* Decode base-64 block into ascii block and move pointer */
            DecodeBase64Block(dptr, b64);
@ -183,7 +185,7 @@ Base64Ecode DecodeBase64(uint8_t *dest, uint32_t dest_size, const uint8_t *src,
        /* if the destination size is not at least 3 Bytes long, it'll give a dynamic
         * buffer overflow while decoding, so, return and let the caller take care of the
         * remaining bytes to be decoded which should always be < 4 at this stage */
-        if (dest_size - *decoded_bytes < 3)
+        if (dest_size - *decoded_bytes < ASCII_BLOCK)
            return BASE64_ECODE_BUF;
        *decoded_bytes += numDecoded_blk;
        DecodeBase64Block(dptr, b64);
@ -193,6 +195,8 @@ Base64Ecode DecodeBase64(uint8_t *dest, uint32_t dest_size, const uint8_t *src,
    /* Finish remaining b64 bytes by padding */
    if (valid && bbidx > 0 && (mode != BASE64_MODE_RFC2045)) {
        /* Decode remaining */
+        if (dest_size - *decoded_bytes < ASCII_BLOCK)
+            return BASE64_ECODE_BUF;
        *decoded_bytes += ASCII_BLOCK - (B64_BLOCK - bbidx);
        DecodeBase64Block(dptr, b64);
    }