summaryrefslogtreecommitdiff
path: root/extra/yassl/taocrypt/src/coding.cpp
diff options
context:
space:
mode:
authorSergei Golubchik <sergii@pisem.net>2012-10-16 13:04:42 +0200
committerSergei Golubchik <sergii@pisem.net>2012-10-16 13:04:42 +0200
commitee9afef27141f55165009fdbd58e54942f3a6867 (patch)
treeb5e15e62e10daa40aef3e6d33eeabf9205d1be0f /extra/yassl/taocrypt/src/coding.cpp
parentd9a8799205d160688f81362356dd2323eb8a91ea (diff)
parenta619bfad30c13207fb0453a85af5740846186900 (diff)
downloadmariadb-git-ee9afef27141f55165009fdbd58e54942f3a6867.tar.gz
mysql-5.5.28
Diffstat (limited to 'extra/yassl/taocrypt/src/coding.cpp')
-rw-r--r--extra/yassl/taocrypt/src/coding.cpp21
1 files changed, 21 insertions, 0 deletions
diff --git a/extra/yassl/taocrypt/src/coding.cpp b/extra/yassl/taocrypt/src/coding.cpp
index 97c62ea12a7..0512ea9c889 100644
--- a/extra/yassl/taocrypt/src/coding.cpp
+++ b/extra/yassl/taocrypt/src/coding.cpp
@@ -103,6 +103,16 @@ void HexDecoder::Decode()
byte b = coded_.next() - 0x30; // 0 starts at 0x30
byte b2 = coded_.next() - 0x30;
+ // sanity checks
+ if (b >= sizeof(hexDecode)/sizeof(hexDecode[0])) {
+ coded_.SetError(PEM_E);
+ return;
+ }
+ if (b2 >= sizeof(hexDecode)/sizeof(hexDecode[0])) {
+ coded_.SetError(PEM_E);
+ return;
+ }
+
b = hexDecode[b];
b2 = hexDecode[b2];
@@ -178,6 +188,7 @@ void Base64Decoder::Decode()
{
word32 bytes = coded_.size();
word32 plainSz = bytes - ((bytes + (pemLineSz - 1)) / pemLineSz);
+ const byte maxIdx = (byte)sizeof(base64Decode) + 0x2B - 1;
plainSz = ((plainSz * 3) / 4) + 3;
decoded_.New(plainSz);
@@ -200,6 +211,16 @@ void Base64Decoder::Decode()
if (e4 == pad)
pad4 = true;
+ if (e1 < 0x2B || e2 < 0x2B || e3 < 0x2B || e4 < 0x2B) {
+ coded_.SetError(PEM_E);
+ return;
+ }
+
+ if (e1 > maxIdx || e2 > maxIdx || e3 > maxIdx || e4 > maxIdx) {
+ coded_.SetError(PEM_E);
+ return;
+ }
+
e1 = base64Decode[e1 - 0x2B];
e2 = base64Decode[e2 - 0x2B];
e3 = (e3 == pad) ? 0 : base64Decode[e3 - 0x2B];
View Lorry Controller Status