BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec}
Ensure that no more than olen bytes is written to the output buffer,
otherwise we might experience an unexpected behavior.
While the original code used to validate that the output size was
always large enough before starting to write, this validation was
later broken by the commit below, allowing to 3-byte blocks to
areas whose size is not multiple of 3:
commit
ed697e4856e5ac0b9931fd50fd8ff1b7739e5d88
Author: Emeric Brun <ebrun@haproxy.com>
Date: Mon Jan 14 14:38:39 2019 +0100
BUG/MINOR: base64: dec func ignores padding for output size checking
Decode function returns an error even if the ouptut buffer is
large enought because the padding was not considered. This
case was never met with current code base.
For base64urldec(), it's basically the same problem except that since
the input format supports arbitrary lengths, the problem has always
been there since its introduction in 2.4.
This should be backported to all stable branches having a backport of
the patch above (i.e. 2.0), with some adjustments depending on the
availability of the base64dec() and base64urldec().
(cherry picked from commit
f3899ddbcbf4c445d4a519fb04cc253e60d30e6e)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit
aec6e0244e8b1693c5f78bb5a0483986ef2ac688)
[wt: dropped base64urldec]
Signed-off-by: Willy Tarreau <w@1wt.eu>
projects / haproxy-2.3.git / commit