Hi Adrien,
Thanks for the patch. We committed it in r5589 (https://trac.pjsip.org/repos/changeset/5589).
Best regards,
Ming
On Wed, May 3, 2017 at 11:26 PM, Adrien Béraud <adrien.beraud@xxxxxxxxxxxxxxxxxxxx> wrote:
This patch fix two bugs in PJSIP' base64 implementation:
* prevent invalid memory access for empty input string
* allow using an output buffer of just the right size
--- a/pjlib-util/src/pjlib-util/base64.c 2017-05-03 10:29:07.200417026 -0400
+++ b/pjlib-util/src/pjlib-util/base64.c 2017-05-03 10:28:30.344335390 -0400
@@ -131,7 +131,7 @@
PJ_ASSERT_RETURN(input && out && out_len, PJ_EINVAL);
- while (buf[len-1] == '=' && len)
+ while (len && buf[len-1] == '=')
--len;
PJ_ASSERT_RETURN(*out_len >= PJ_BASE64_TO_BASE256_LEN(len),
@@ -161,7 +161,7 @@
out[j++] = (pj_uint8_t)(((c[2] & 0x03)<<6) | (c[3] & 0x3F));
}
- pj_assert(j < *out_len);
+ pj_assert(j <= *out_len);
*out_len = j;
return PJ_SUCCESS;
---
Adrien Béraud
_______________________________________________
Visit our blog: http://blog.pjsip.org
pjsip mailing list
pjsip@xxxxxxxxxxxxxxx
http://lists.pjsip.org/mailman/listinfo/pjsip_lists. pjsip.org
_______________________________________________ Visit our blog: http://blog.pjsip.org pjsip mailing list pjsip@xxxxxxxxxxxxxxx http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org