From: Emeric Brun <ebrun@haproxy.com>
Date: Mon, 14 Jan 2019 13:38:39 +0000 (+0100)
Subject: BUG/MINOR: base64: dec func ignores padding for output size checking
X-Git-Tag: v2.0-dev1~216
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ed697e4856e5ac0b9931fd50fd8ff1b7739e5d88;p=thirdparty%2Fhaproxy.git

BUG/MINOR: base64: dec func ignores padding for output size checking

Decode function returns an error even if the ouptut buffer is
large enought because the padding was not considered. This
case was never met with current code base.
---

diff --git a/src/base64.c b/src/base64.c
index f7961c538c..e7c9519200 100644
--- a/src/base64.c
+++ b/src/base64.c
@@ -83,7 +83,9 @@ int base64dec(const char *in, size_t ilen, char *out, size_t olen) {
 	if (ilen % 4)
 		return -1;
 
-	if (olen < ilen / 4 * 3)
+	if (olen < ((ilen / 4 * 3)
+	            - (in[ilen-1] == '=' ? 1 : 0)
+	            - (in[ilen-2] == '=' ? 1 : 0)))
 		return -2;
 
 	while (ilen) {