murch@xxxxxxxxxxxxxx wrote:
Update of /afs/andrew/system/cvs/src/sasl/lib
In directory unix11.andrew.cmu.edu:/var/tmp/cvs-serv5340/lib
Modified Files:
saslutil.c
Log Message:
Fixed CERT VU#238019 (make sure sasl_encode64() always NUL terminates output or returns SASL_BUFOVER)
--- links to diffs follow ---
http://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/lib/saslutil.c.diff?r1=1.48&r2=1.49
Note that there is a side-effect of this change: implementations that
allocate needed size + 1 byte and only pass in the needed size would
stop working.
E.g.
    base64len = (length * 4 / 3) + ((length % 3) ? 4 : 0);
    data = malloc(base64len + 1);
    if (sasl_encode64(binary,
                      length,
                      data,
                      base64len,
                      NULL) != SASL_OK) {
        // Error
    }
would return SASL_BUFOVER now. To fix this one needs to pass
"base64len+1" in the 4th parameter.
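
A self-contained C model of the buffer contract described above, added here as an example; it is not the Cyrus SASL source. The names model_encode64, b64_bufsize and the EX_* codes are hypothetical stand-ins; the point shown is that the size argument must count the terminating NUL, so passing exactly the encoded length is rejected.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for the SASL result codes (local to this example). */
enum { EX_OK = 0, EX_BUFOVER = -3 };

/* Bytes the caller must provide for n input bytes:
 * 4 output characters per 3-byte group (rounded up), plus 1 for the NUL. */
size_t b64_bufsize(size_t n) { return ((n + 2) / 3) * 4 + 1; }

/* Model of the post-fix contract: the output is either complete and
 * NUL-terminated, or EX_BUFOVER is returned. outmax includes the NUL. */
int model_encode64(const unsigned char *in, size_t inlen,
                   char *out, size_t outmax, size_t *outlen)
{
    static const char tab[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t need = ((inlen + 2) / 3) * 4;   /* encoded text, without NUL */
    size_t i, o = 0;

    if (out == NULL || outmax < need + 1)  /* no room for text plus NUL */
        return EX_BUFOVER;

    for (i = 0; i + 2 < inlen; i += 3) {   /* full 3-byte groups */
        out[o++] = tab[in[i] >> 2];
        out[o++] = tab[((in[i] & 0x03) << 4) | (in[i + 1] >> 4)];
        out[o++] = tab[((in[i + 1] & 0x0f) << 2) | (in[i + 2] >> 6)];
        out[o++] = tab[in[i + 2] & 0x3f];
    }
    if (i < inlen) {                       /* 1 or 2 trailing bytes, padded */
        unsigned b1 = (i + 1 < inlen) ? in[i + 1] : 0;
        out[o++] = tab[in[i] >> 2];
        out[o++] = tab[((in[i] & 0x03) << 4) | (b1 >> 4)];
        out[o++] = (i + 1 < inlen) ? tab[(b1 & 0x0f) << 2] : '=';
        out[o++] = '=';
    }
    out[o] = '\0';                         /* always terminated on success */
    if (outlen)
        *outlen = o;
    return EX_OK;
}
```

Callers that size the buffer with b64_bufsize() and pass that same value as the size argument satisfy the contract for every input length.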