UBSan: Avoid unsigned integer overflow in base64 encoding

Add a constraint on the base64 encoded buffer length to avoid an integer
overflow in the output length calculation.

common.c:1087:16: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned long')

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/utils/base64.c b/src/utils/base64.c
index 8eb4ba127d480372c259612315016bdffd47cffd..53a92f49ed83f639acf9f83f48f1de1f071d6953 100644 (file)
--- a/src/utils/base64.c
+++ b/src/utils/base64.c
@@ -1,12 +1,13 @@
 /*
  * Base64 encoding/decoding (RFC1341)
- * Copyright (c) 2005-2011, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2005-2019, Jouni Malinen <j@w1.fi>
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
  */
 
 #include "includes.h"
+#include <stdint.h>
 
 #include "os.h"
 #include "base64.h"
@@ -27,6 +28,8 @@ static unsigned char * base64_gen_encode(const unsigned char *src, size_t len,
        size_t olen;
        int line_len;
 
+       if (len >= SIZE_MAX / 4)
+               return NULL;
        olen = len * 4 / 3 + 4; /* 3-byte blocks to 4-byte */
        if (add_pad)
                olen += olen / 72; /* line feeds */