michal-grzedzicki / rpms / rpm

Forked from rpms/rpm 4 months ago
Clone
5523e9
From 0964912b94f9f48a0a812fbfbb2f996dbd93eff0 Mon Sep 17 00:00:00 2001
5523e9
From: Jonathan Wakely <github@kayari.org>
5523e9
Date: Wed, 25 May 2016 12:31:19 +0100
5523e9
Subject: [PATCH] Fix off-by-one error
5523e9
5523e9
There's an off-by-one error in base64_decode_value which results in undefined behaviour:
5523e9
5523e9
    void* out;
5523e9
    size_t len;
5523e9
    rpmBase64Decode("\x7b", &out, &len;;
5523e9
---
5523e9
 rpmio/base64.c | 2 +-
5523e9
 1 file changed, 1 insertion(+), 1 deletion(-)
5523e9
5523e9
diff --git a/rpmio/base64.c b/rpmio/base64.c
5523e9
index 60e67d4..4424aab 100644
5523e9
--- a/rpmio/base64.c
5523e9
+++ b/rpmio/base64.c
5523e9
@@ -104,7 +104,7 @@ static int base64_decode_value(unsigned char value_in)
5523e9
 {
5523e9
 	static const int decoding[] = {62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-2,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51};
5523e9
 	value_in -= 43;
5523e9
-	if (value_in > sizeof(decoding)/sizeof(int))
5523e9
+	if (value_in >= sizeof(decoding)/sizeof(int))
5523e9
 		return -1;
5523e9
 	return decoding[value_in];
5523e9
 }
5523e9
-- 
5523e9
2.9.3
5523e9