From: Tomas Hoger
Date: Wed, 7 Mar 2018 10:30:18 +0000 (+0100)
Subject: Fix dec64table[] OOB read in b64decode()
X-Git-Tag: exim-4_91_RC1~10
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=889d293b45a5b0124aea16c41294860b3905a262;hp=889d293b45a5b0124aea16c41294860b3905a262;p=exim.git

Fix dec64table[] OOB read in b64decode()

Possible values for y at this point are 0..255. However, dec64table[] only has 128 entries and hence valid indexes are 0..127. The values of y greater than 127 trigger an out of bounds read. As dec64table[] is in the data segment, the OOB access is not detected by tools such as valgrind or ASAN.

This adds a check to ensure y is less than or equal to 127, just like in other cases where dec64table[] is accessed.

Note that removal of the y == 0 condition is not a problem, as dec64table[0] == 255, so the second part of the condition is true.
---
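The range check described in the commit message, shown as an added example that is not Exim's code and not part of this commit. The names `dec_table`, `sextet` and `b64_decode` and the table construction are assumptions; as in the message, the table has 128 entries and 255 marks an invalid character.

```c
#include <stddef.h>
#include <string.h>

/* Constructed 128-entry table; 255 marks "not a base64 character". */
static unsigned char dec_table[128];
static int table_ready;

static void init_table(void) {
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    memset(dec_table, 255, sizeof dec_table);
    for (int i = 0; i < 64; i++)
        dec_table[(unsigned char)alphabet[i]] = (unsigned char)i;
    table_ready = 1;
}

/* Returns 0..63 for a base64 character, -1 for anything else. */
int sextet(unsigned char y) {
    if (!table_ready) init_table();
    /* y can be 0..255 but valid indexes are 0..127: check before indexing. */
    if (y > 127) return -1;
    /* Index 0 (NUL) holds 255, so it is rejected without a separate test. */
    return dec_table[y] == 255 ? -1 : dec_table[y];
}

/* Decodes len bytes of base64 into out (capacity cap).
   Returns the number of bytes written, or -1 on bad input or overflow. */
int b64_decode(const unsigned char *in, size_t len,
               unsigned char *out, size_t cap) {
    unsigned int acc = 0;
    int bits = 0;
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        if (in[i] == '=') break;          /* padding ends the data */
        int v = sextet(in[i]);
        if (v < 0) return -1;             /* includes bytes 128..255 */
        acc = (acc << 6) | (unsigned int)v;
        bits += 6;
        if (bits >= 8) {
            if (n == cap) return -1;      /* output buffer full */
            bits -= 8;
            out[n++] = (unsigned char)((acc >> bits) & 0xFF);
        }
    }
    return (int)n;
}
```

Because the lookup takes an `unsigned char`, a caller holding plain `char` data cannot produce a negative index either.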