base64: fix issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This patch fix two bugs in PJSIP' base64 implementation:
* prevent invalid memory access for empty input string
* allow using an output buffer of just the right size

--- a/pjlib-util/src/pjlib-util/base64.c	2017-05-03 10:29:07.200417026 -0400
+++ b/pjlib-util/src/pjlib-util/base64.c	2017-05-03 10:28:30.344335390 -0400
@@ -131,7 +131,7 @@
 
     PJ_ASSERT_RETURN(input && out && out_len, PJ_EINVAL);
 
-    while (buf[len-1] == '=' && len)
+    while (len && buf[len-1] == '=')
 	--len;
 
     PJ_ASSERT_RETURN(*out_len >= PJ_BASE64_TO_BASE256_LEN(len), 
@@ -161,7 +161,7 @@
 	out[j++] = (pj_uint8_t)(((c[2] & 0x03)<<6) | (c[3] & 0x3F));
     }
 
-    pj_assert(j < *out_len);
+    pj_assert(j <= *out_len);
     *out_len = j;
 
     return PJ_SUCCESS;

---
Adrien Béraud

_______________________________________________
Visit our blog: http://blog.pjsip.org

pjsip mailing list
pjsip@xxxxxxxxxxxxxxx
http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
[Index of Archives]     [Asterisk Users]     [Asterisk App Development]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [Linux API]
  Powered by Linux