util/base64: check dest buf size to hold 3Bytes

The destination buffer should be able to hold at least 3 Bytes during
the processing of the last block of data. If it cannot hold at least 3
Bytes, then that may lead to dynamic buffer overflow while decoding.

(cherry picked from commit 62d782156caddec0b4ca795d7236c6483d02efff)

diff --git a/src/util-base64.c b/src/util-base64.c
index 678bc14c66baba4f5f04ad93379c15bd4e0916c4..95a260ea7db46776de1d707e4126430a837e19a5 100644 (file)
--- a/src/util-base64.c
+++ b/src/util-base64.c
@@ -164,6 +164,11 @@ Base64Ecode DecodeBase64(uint8_t *dest, uint32_t dest_size, const uint8_t *src,
             ecode = BASE64_ECODE_BUF;
             return ecode;
         }
+        /* if the destination size is not at least 3 Bytes long, it'll give a dynamic
+         * buffer overflow while decoding, so, return and let the caller take care of the
+         * remaining bytes to be decoded which should always be < 4 at this stage */
+        if (dest_size - *decoded_bytes < 3)
+            return BASE64_ECODE_BUF;
         *decoded_bytes += numDecoded_blk;
         DecodeBase64Block(dptr, b64);
         *consumed_bytes += bbidx;