From 1405a0444d316791af6a473324be754789fb98a1 Mon Sep 17 00:00:00 2001
From: "Eric S. Raymond"
Date: Wed, 3 Oct 2001 11:49:04 +0000
Subject: Security audit fix.
svn path=/trunk/; revision=3534
---
 base64.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'base64.c')
diff --git a/base64.c b/base64.c
index 1dc533dd..3658e956 100644
--- a/base64.c
+++ b/base64.c
@@ -52,7 +52,7 @@ void to64frombits(unsigned char *out, const unsigned char *in, int inlen)
 *out = '\0';
 }
-int from64tobits(char *out, const char *in)
+int from64tobits(char *out, const char *in, int maxlen)
 /* base 64 to raw bytes in quasi-big-endian order, returning count of bytes */
 {
 int len = 0;
@@ -77,8 +77,10 @@ int from64tobits(char *out, const char *in)
 if (digit4 != '=' && DECODE64(digit4) == BAD)
 return(-1);
 in += 4;
- *out++ = (DECODE64(digit1) << 2) | (DECODE64(digit2) >> 4);
 ++len;
+ if (len && len >= maxlen) /* prevent buffer overflow */
+ return(-1);
+ *out++ = (DECODE64(digit1) << 2) | (DECODE64(digit2) >> 4);
 if (digit3 != '=')
 {
 *out++ = ((DECODE64(digit2) << 4) & 0xf0) | (DECODE64(digit3) >> 2);
--
cgit v1.2.3
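Review bot: The new bound in from64tobits() is tested only before the first byte of each four-character group, so the `*out++` under `if (digit3 != '=')` at the end of the second hunk is stored unchecked, as presumably is the digit4 store that follows outside the hunk. A group that passes with `len == maxlen - 1` can still emit three bytes, which would put the last one at `out[maxlen]` if maxlen is the size of the destination buffer. Repeating a test such as `if (len >= maxlen) return(-1);` immediately before every `*out++`, with len counting the bytes already stored, would close that gap; the `len &&` term is always true right after `++len` and can be dropped. The header comment under the changed signature in the first hunk should also state that maxlen is the capacity of `out` in bytes and that -1 is returned when the decoded data does not fit. The function body starts and ends outside both hunks, so the later stores and every caller's maxlen argument need confirming against the full file.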