base64: re-add the check for destination space

Cover all the calls to DecodeBase64Block with the check for enough
space. Found by the recently introduced fuzz target.

Bug 7028

Fixes: c0bc43c39318 ("util/base64: use decoder fns per RFC")

diff --git a/src/util-base64.c b/src/util-base64.c
index 5b58144ad468d3054a6f325c5180486c24e607dc..ad42c9a703bc156cc054e4d18a478cbefa1b4244 100644 (file)
--- a/src/util-base64.c
+++ b/src/util-base64.c
@@ -139,10 +139,8 @@ static inline Base64Ecode DecodeBase64RFC2045(uint8_t *dest, uint32_t dest_size,
         if (bbidx == B64_BLOCK) {
             /* For every 4 bytes, add 3 bytes but deduct the '=' padded blocks */
             uint32_t numDecoded_blk = ASCII_BLOCK - (padding < B64_BLOCK ? padding : ASCII_BLOCK);
-            if (dest_size < *decoded_bytes + numDecoded_blk) {
-                SCLogDebug("Destination buffer full");
+            if (dest_size - *decoded_bytes < ASCII_BLOCK)
                 return BASE64_ECODE_BUF;
-            }
             /* Decode base-64 block into ascii block and move pointer */
             DecodeBase64Block(dptr, b64);
             dptr += numDecoded_blk;
@@ -212,10 +210,8 @@ static inline Base64Ecode DecodeBase64RFC4648(uint8_t *dest, uint32_t dest_size,
         if (bbidx == B64_BLOCK) {
             /* For every 4 bytes, add 3 bytes but deduct the '=' padded blocks */
             uint32_t numDecoded_blk = ASCII_BLOCK - (padding < B64_BLOCK ? padding : ASCII_BLOCK);
-            if (dest_size < *decoded_bytes + numDecoded_blk) {
-                SCLogDebug("Destination buffer full");
+            if (dest_size - *decoded_bytes < ASCII_BLOCK)
                 return BASE64_ECODE_BUF;
-            }
 
             /* Decode base-64 block into ascii block and move pointer */
             DecodeBase64Block(dptr, b64);
@@ -249,10 +245,8 @@ static inline Base64Ecode DecodeBase64RFC4648(uint8_t *dest, uint32_t dest_size,
          * */
         padding = bbidx > 1 ? B64_BLOCK - bbidx : 2;
         uint32_t numDecoded_blk = ASCII_BLOCK - padding;
-        if (dest_size < *decoded_bytes + numDecoded_blk) {
-            SCLogDebug("Destination buffer full");
+        if (dest_size - *decoded_bytes < ASCII_BLOCK)
             return BASE64_ECODE_BUF;
-        }
         /* Decode base-64 block into ascii block and move pointer */
         DecodeBase64Block(dptr, b64);
         *decoded_bytes += numDecoded_blk;