projects / exim.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 71bb51e) | patch
Fix dec64table[] OOB read in b64decode()
authorTomas Hoger <thoger@redhat.com>
Wed, 7 Mar 2018 10:30:18 +0000 (11:30 +0100)
committerHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Mon, 12 Mar 2018 21:16:55 +0000 (22:16 +0100)
commit889d293b45a5b0124aea16c41294860b3905a262
tree0c52eeddc6f351248a62f71f0cb8d3dbfd12ed87tree | snapshot (zip tar.gz)
parent71bb51e08dc03f768d19f237fed415bc74246de3commit | diff
Fix dec64table[] OOB read in b64decode()

Possible values for y at this point are 0..255.  However, dec64table[]
only has 128 entries and hence valid indexes are 0..127.  The values of
y greater than 127 trigger out of bounds read.  As dec64table[] is in
the data segment, the OOB access is not detected by tools as valgrind or
ASAN.  This adds a check to ensure y is less than or equal to 127, just
like in other cases where dec64table[] is accessed.

Note that removal of the y == 0 condition is not a problem, as
dec64table[0] == 255, so the second part of the condition is true.
src/src/base64.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.