1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
| From 7b30fbc3d47dfaf38d8ce8b8949a69d2984dac76 Mon Sep 17 00:00:00 2001
| From: Khem Raj <raj.khem@gmail.com>
| Date: Sat, 27 Mar 2021 22:06:03 -0700
| Subject: [PATCH] fix integer overflows
|
| Author: Jakub Wilk <jwilk@debian.org>
| Bug: http://sourceforge.net/tracker/?func=detail&aid=3591129&group_id=152942&atid=785907
|
| Upstream-Status: Pending
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| ---
| src/cdecode.c | 15 ++++++++-------
| 1 file changed, 8 insertions(+), 7 deletions(-)
|
| diff --git a/src/cdecode.c b/src/cdecode.c
| index a6c0a42..4e47e9f 100644
| --- a/src/cdecode.c
| +++ b/src/cdecode.c
| @@ -9,10 +9,11 @@ For details, see http://sourceforge.net/projects/libb64
|
| int base64_decode_value(char value_in)
| {
| - static const char decoding[] = {62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-2,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51};
| + static const signed char decoding[] = {62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-2,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51};
| static const char decoding_size = sizeof(decoding);
| + if (value_in < 43) return -1;
| value_in -= 43;
| - if (value_in < 0 || value_in >= decoding_size) return -1;
| + if (value_in > decoding_size) return -1;
| return decoding[(int)value_in];
| }
|
| @@ -26,7 +27,7 @@ int base64_decode_block(const char* code_in, const int length_in, char* plaintex
| {
| const char* codechar = code_in;
| char* plainchar = plaintext_out;
| - char fragment;
| + int fragment;
|
| *plainchar = state_in->plainchar;
|
| @@ -42,7 +43,7 @@ int base64_decode_block(const char* code_in, const int length_in, char* plaintex
| state_in->plainchar = *plainchar;
| return plainchar - plaintext_out;
| }
| - fragment = (char)base64_decode_value(*codechar++);
| + fragment = base64_decode_value(*codechar++);
| } while (fragment < 0);
| *plainchar = (fragment & 0x03f) << 2;
| case step_b:
| @@ -53,7 +54,7 @@ int base64_decode_block(const char* code_in, const int length_in, char* plaintex
| state_in->plainchar = *plainchar;
| return plainchar - plaintext_out;
| }
| - fragment = (char)base64_decode_value(*codechar++);
| + fragment = base64_decode_value(*codechar++);
| } while (fragment < 0);
| *plainchar++ |= (fragment & 0x030) >> 4;
| *plainchar = (fragment & 0x00f) << 4;
| @@ -65,7 +66,7 @@ int base64_decode_block(const char* code_in, const int length_in, char* plaintex
| state_in->plainchar = *plainchar;
| return plainchar - plaintext_out;
| }
| - fragment = (char)base64_decode_value(*codechar++);
| + fragment = base64_decode_value(*codechar++);
| } while (fragment < 0);
| *plainchar++ |= (fragment & 0x03c) >> 2;
| *plainchar = (fragment & 0x003) << 6;
| @@ -77,7 +78,7 @@ int base64_decode_block(const char* code_in, const int length_in, char* plaintex
| state_in->plainchar = *plainchar;
| return plainchar - plaintext_out;
| }
| - fragment = (char)base64_decode_value(*codechar++);
| + fragment = base64_decode_value(*codechar++);
| } while (fragment < 0);
| *plainchar++ |= (fragment & 0x03f);
| }
|
|
