[Rpm-maint] [PATCH] Fix array bounds check of decoding[] in base64_decode_value.
Mark Wielaard
mjw at redhat.com
Wed May 25 12:32:26 UTC 2016
This issue was reported against the libb64 public domain code from which
rpmio/base64.c was derived. https://sourceforge.net/p/libb64/bugs/2/
The char signedness issue was already solved differently in our code,
but the array bounds check was missing in rpmio/base64.c.
Fixed suggested by Jakub Wilk and Jonathan Wakely.
Signed-off-by: Mark Wielaard <mjw at redhat.com>
---
rpmio/base64.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/rpmio/base64.c b/rpmio/base64.c
index 60e67d4..a3767ca 100644
--- a/rpmio/base64.c
+++ b/rpmio/base64.c
@@ -103,8 +103,9 @@ char *rpmBase64Encode(const void *data, size_t len, int linelen)
static int base64_decode_value(unsigned char value_in)
{
static const int decoding[] = {62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-2,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51};
+ if (value_in < 43) return -1;
value_in -= 43;
- if (value_in > sizeof(decoding)/sizeof(int))
+ if (value_in >= sizeof(decoding)/sizeof(int))
return -1;
return decoding[value_in];
}
--
2.5.5
More information about the Rpm-maint
mailing list