base64: check for integer overflow on large input

CVE-2016-8617 Bug: https://curl.haxx.se/docs/adv_20161102C.html Reported-by: Cure53
2016-09-28 00:05:12 +02:00 · 2016-09-28 00:05:12 +02:00 · efd24d5742
parent 3d6460edee
commit efd24d5742
1 changed files with 5 additions and 0 deletions
--- a/lib/base64.c
+++ b/lib/base64.c
@ -190,6 +190,11 @@ static CURLcode base64_encode(const char *table64,
  if(!insize)
    insize = strlen(indata);

+#if SIZEOF_SIZE_T == 4
+  if(insize > UINT_MAX/4)
+    return CURLE_OUT_OF_MEMORY;
+#endif
+
  base64data = output = malloc(insize * 4 / 3 + 4);
  if(!output)
    return CURLE_OUT_OF_MEMORY;