1
0
mirror of https://github.com/moparisthebest/wget synced 2024-07-03 16:38:41 -04:00

[svn] base64_encode could read past the end of STR.

This commit is contained in:
hniksic 2006-06-19 13:35:53 -07:00
parent c1cb70ecd0
commit 7bc4d2db21
2 changed files with 22 additions and 8 deletions

View File

@ -1,3 +1,8 @@
2006-06-19 Hrvoje Niksic <hniksic@xemacs.org>
* utils.c (base64_encode): Would read past end of STR.
Reported by rick@eckle.org.
2006-06-13 Mauro Tortonesi <mauro@ferrara.linux.it> 2006-06-13 Mauro Tortonesi <mauro@ferrara.linux.it>
* options.h (struct options): Introduced member restrict_files_case to * options.h (struct options): Introduced member restrict_files_case to

View File

@ -1912,26 +1912,35 @@ base64_encode (const char *str, int length, char *b64store)
'w','x','y','z','0','1','2','3', 'w','x','y','z','0','1','2','3',
'4','5','6','7','8','9','+','/' '4','5','6','7','8','9','+','/'
}; };
int i;
const unsigned char *s = (const unsigned char *) str; const unsigned char *s = (const unsigned char *) str;
const unsigned char *end = (const unsigned char *) str + length - 2;
char *p = b64store; char *p = b64store;
/* Transform the 3x8 bits to 4x6 bits, as required by base64. */ /* Transform the 3x8 bits to 4x6 bits, as required by base64. */
for (i = 0; i < length; i += 3) for (; s < end; s += 3)
{ {
*p++ = tbl[s[0] >> 2]; *p++ = tbl[s[0] >> 2];
*p++ = tbl[((s[0] & 3) << 4) + (s[1] >> 4)]; *p++ = tbl[((s[0] & 3) << 4) + (s[1] >> 4)];
*p++ = tbl[((s[1] & 0xf) << 2) + (s[2] >> 6)]; *p++ = tbl[((s[1] & 0xf) << 2) + (s[2] >> 6)];
*p++ = tbl[s[2] & 0x3f]; *p++ = tbl[s[2] & 0x3f];
s += 3;
} }
/* Pad the result if necessary... */ /* Pad the result if necessary... */
if (i == length + 1) switch (length % 3)
*(p - 1) = '='; {
else if (i == length + 2) case 1:
*(p - 1) = *(p - 2) = '='; *p++ = tbl[s[0] >> 2];
*p++ = tbl[(s[0] & 3) << 4];
*p++ = '=';
*p++ = '=';
break;
case 2:
*p++ = tbl[s[0] >> 2];
*p++ = tbl[((s[0] & 3) << 4) + (s[1] >> 4)];
*p++ = tbl[((s[1] & 0xf) << 2)];
*p++ = '=';
break;
}
/* ...and zero-terminate it. */ /* ...and zero-terminate it. */
*p = '\0'; *p = '\0';