mirror of
https://github.com/moparisthebest/wget
synced 2024-07-03 16:38:41 -04:00
[svn] base64_encode could read past the end of STR.
This commit is contained in:
parent
c1cb70ecd0
commit
7bc4d2db21
@ -1,3 +1,8 @@
|
|||||||
|
2006-06-19 Hrvoje Niksic <hniksic@xemacs.org>
|
||||||
|
|
||||||
|
* utils.c (base64_encode): Would read past end of STR.
|
||||||
|
Reported by rick@eckle.org.
|
||||||
|
|
||||||
2006-06-13 Mauro Tortonesi <mauro@ferrara.linux.it>
|
2006-06-13 Mauro Tortonesi <mauro@ferrara.linux.it>
|
||||||
|
|
||||||
* options.h (struct options): Introduced member restrict_files_case to
|
* options.h (struct options): Introduced member restrict_files_case to
|
||||||
|
25
src/utils.c
25
src/utils.c
@ -1912,26 +1912,35 @@ base64_encode (const char *str, int length, char *b64store)
|
|||||||
'w','x','y','z','0','1','2','3',
|
'w','x','y','z','0','1','2','3',
|
||||||
'4','5','6','7','8','9','+','/'
|
'4','5','6','7','8','9','+','/'
|
||||||
};
|
};
|
||||||
int i;
|
|
||||||
const unsigned char *s = (const unsigned char *) str;
|
const unsigned char *s = (const unsigned char *) str;
|
||||||
|
const unsigned char *end = (const unsigned char *) str + length - 2;
|
||||||
char *p = b64store;
|
char *p = b64store;
|
||||||
|
|
||||||
/* Transform the 3x8 bits to 4x6 bits, as required by base64. */
|
/* Transform the 3x8 bits to 4x6 bits, as required by base64. */
|
||||||
for (i = 0; i < length; i += 3)
|
for (; s < end; s += 3)
|
||||||
{
|
{
|
||||||
*p++ = tbl[s[0] >> 2];
|
*p++ = tbl[s[0] >> 2];
|
||||||
*p++ = tbl[((s[0] & 3) << 4) + (s[1] >> 4)];
|
*p++ = tbl[((s[0] & 3) << 4) + (s[1] >> 4)];
|
||||||
*p++ = tbl[((s[1] & 0xf) << 2) + (s[2] >> 6)];
|
*p++ = tbl[((s[1] & 0xf) << 2) + (s[2] >> 6)];
|
||||||
*p++ = tbl[s[2] & 0x3f];
|
*p++ = tbl[s[2] & 0x3f];
|
||||||
s += 3;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Pad the result if necessary... */
|
/* Pad the result if necessary... */
|
||||||
if (i == length + 1)
|
switch (length % 3)
|
||||||
*(p - 1) = '=';
|
{
|
||||||
else if (i == length + 2)
|
case 1:
|
||||||
*(p - 1) = *(p - 2) = '=';
|
*p++ = tbl[s[0] >> 2];
|
||||||
|
*p++ = tbl[(s[0] & 3) << 4];
|
||||||
|
*p++ = '=';
|
||||||
|
*p++ = '=';
|
||||||
|
break;
|
||||||
|
case 2:
|
||||||
|
*p++ = tbl[s[0] >> 2];
|
||||||
|
*p++ = tbl[((s[0] & 3) << 4) + (s[1] >> 4)];
|
||||||
|
*p++ = tbl[((s[1] & 0xf) << 2)];
|
||||||
|
*p++ = '=';
|
||||||
|
break;
|
||||||
|
}
|
||||||
/* ...and zero-terminate it. */
|
/* ...and zero-terminate it. */
|
||||||
*p = '\0';
|
*p = '\0';
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user