From 22443c2f05880838db8d7091701f8f20a83cc90e Mon Sep 17 00:00:00 2001
From: "Eric S. Raymond" <esr@thyrsus.com>
Date: Tue, 4 Jun 2002 13:58:21 +0000
Subject: Fix Kerberos bugs.

svn path=/trunk/; revision=3628
---
 base64.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'base64.c')

diff --git a/base64.c b/base64.c
index 3658e956..a8c7f1c1 100644
--- a/base64.c
+++ b/base64.c
@@ -54,6 +54,7 @@ void to64frombits(unsigned char *out, const unsigned char *in, int inlen)
 
 int from64tobits(char *out, const char *in, int maxlen)
 /* base 64 to raw bytes in quasi-big-endian order, returning count of bytes */
+/* maxlen limits output buffer size, set to zero to ignore */
 {
     int len = 0;
     register unsigned char digit1, digit2, digit3, digit4;
@@ -78,17 +79,21 @@ int from64tobits(char *out, const char *in, int maxlen)
 	    return(-1);
 	in += 4;
 	++len;
-	if (len && len >= maxlen)	/* prevent buffer overflow */
+	if (maxlen && len > maxlen)
 	    return(-1);
 	*out++ = (DECODE64(digit1) << 2) | (DECODE64(digit2) >> 4);
 	if (digit3 != '=')
 	{
-	    *out++ = ((DECODE64(digit2) << 4) & 0xf0) | (DECODE64(digit3) >> 2);
 	    ++len;
+	    if (maxlen && len > maxlen)
+	        return(-1);
+	    *out++ = ((DECODE64(digit2) << 4) & 0xf0) | (DECODE64(digit3) >> 2);
 	    if (digit4 != '=')
 	    {
+	        ++len;
+		if (maxlen && len > maxlen)
+		    return(-1);
 		*out++ = ((DECODE64(digit3) << 6) & 0xc0) | DECODE64(digit4);
-		++len;
 	    }
 	}
     } while 
-- 
cgit v1.2.3