TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / e4e4be77bed48deb01e61dff07f2d3231a9b9938^! / . / library / base64.c
commite4e4be77bed48deb01e61dff07f2d3231a9b9938[log] [tgz]
authorManuel Pégourié-Gonnard <mpg2@elzevir.fr>Wed Sep 30 16:30:28 2015 +0200
committerManuel Pégourié-Gonnard <mpg2@elzevir.fr>Thu Oct 01 18:10:17 2015 +0200
treefcc6ac67a4232f9dc23f84f5d0597b34e9951081
parentb73ce45b3f87672f5dfcc4e136ae8e9771c5552d [diff] [blame]
Fix potential overflow in base64_encode

diff --git a/library/base64.c b/library/base64.c
index dba4c23..c492cc0 100644
--- a/library/base64.c
+++ b/library/base64.c

@@ -77,15 +77,16 @@
         return( 0 );
     }
 
-    n = (slen << 3) / 6;
+    n = slen / 3 + ( slen % 3 != 0 );
 
-    switch( (slen << 3) - (n * 6) )
+    if( n > ( SIZE_T_MAX - 1 ) / 4 )
     {
-        case  2: n += 3; break;
-        case  4: n += 2; break;
-        default: break;
+        *dlen = SIZE_T_MAX;
+        return( POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL );
     }
 
+    n *= 4;
+
     if( *dlen < n + 1 )
     {
         *dlen = n + 1;