authorNikos Mavrogiannopoulos <nmav@gnutls.org>2017-08-06 17:23:52 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2017-08-06 23:57:51 +0200
commit4a48dbbaabe0818e88816d6849fa2b74260a063f (patch)
tree93cc2af19c62fc88be3a064352d5ed1d36b2e76a
parent61c738ebca2135252279932c8b1dfb301636d20f (diff)
downloadgnutls-4a48dbbaabe0818e88816d6849fa2b74260a063f.tar.gz
_gnutls_base64_decode: reject all zero-length string encodings on decoding
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r--lib/x509_b64.c23
1 files changed, 19 insertions, 4 deletions
diff --git a/lib/x509_b64.c b/lib/x509_b64.c
index af455324e2..76924416b7 100644
--- a/lib/x509_b64.c
+++ b/lib/x509_b64.c
@@ -209,6 +209,9 @@ gnutls_pem_base64_encode2(const char *header,
/* copies data to result but removes newlines and <CR>
* returns the size of the data copied.
+ *
+ * It will fail with GNUTLS_E_BASE64_DECODING_ERROR if the
+ * end-result is the empty string.
*/
inline static int
cpydata(const uint8_t * data, int data_size, gnutls_datum_t * result)
@@ -231,11 +234,20 @@ cpydata(const uint8_t * data, int data_size, gnutls_datum_t * result)
result->size = j;
result->data[j] = 0;
+
+ if (j==0) {
+ gnutls_free(result->data);
+ return gnutls_assert_val(GNUTLS_E_BASE64_DECODING_ERROR);
+ }
+
return j;
}
-/* decodes data and puts the result into result (locally allocated)
- * The result_size is the return value
+/* decodes data and puts the result into result (locally allocated).
+ * Note that encodings of zero-length strings are being rejected
+ * with GNUTLS_E_BASE64_DECODING_ERROR.
+ *
+ * The result_size is the return value.
*/
int
_gnutls_base64_decode(const uint8_t * data, size_t data_size,
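Review bot: The new `j==0` branch in cpydata frees `result->data` but leaves the pointer set, and `result->size` has already been assigned just above, so the caller's datum holds a dangling pointer on this error path. Whether any caller touches or frees it again after the negative return is not visible here, but clearing it rules that out: add `result->data = NULL;` right after the `gnutls_free(result->data);` line. The header comment could also say that `result` owns no memory when the function fails. cpydata's body begins outside this hunk.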
@@ -246,6 +258,9 @@ _gnutls_base64_decode(const uint8_t * data, size_t data_size,
gnutls_datum_t pdata;
struct base64_decode_ctx ctx;
+ if (data_size == 0)
+ return gnutls_assert_val(GNUTLS_E_BASE64_DECODING_ERROR);
+
ret = cpydata(data, data_size, &pdata);
if (ret < 0) {
gnutls_assert();
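Review bot: The added guard rejects only `data_size == 0`, while the call just below passes the `size_t` value to cpydata, whose `data_size` parameter is declared `int` in the earlier hunk. A length above INT_MAX would be narrowed at that call, possibly to a negative or small value; how cpydata's copy loop and allocation behave in that case is not visible here. Extending the guard to `if (data_size == 0 || data_size > INT_MAX)` would reject such input before the conversion, assuming `<limits.h>` is in scope in this file. The function body continues outside the hunk.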
@@ -254,7 +269,7 @@ _gnutls_base64_decode(const uint8_t * data, size_t data_size,
base64_decode_init(&ctx);
- size = BASE64_DECODE_LENGTH(data_size);
+ size = BASE64_DECODE_LENGTH(pdata.size);
if (size == 0) {
ret = gnutls_assert_val(GNUTLS_E_BASE64_DECODING_ERROR);
goto cleanup;
@@ -268,7 +283,7 @@ _gnutls_base64_decode(const uint8_t * data, size_t data_size,
ret = base64_decode_update(&ctx, &size, result->data,
pdata.size, pdata.data);
- if (ret == 0) {
+ if (ret == 0 || size == 0) {
gnutls_assert();
ret = GNUTLS_E_BASE64_DECODING_ERROR;
goto fail;