dnsdist: Better handling of invalid Base64 content

The existing code would throw an exception instead of returning
an error for some invalid content, which was harder to diagnose.

Reported by Surya Narayan Kushwaha (aka Cavid), thanks!

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

diff --git a/pdns/dnsdistdist/dnsdist-crypto.cc b/pdns/dnsdistdist/dnsdist-crypto.cc
index c864ac8c2ab1b6b111587065098223774bdf9a02..2c01a0e960ea281b37e35235b0896b6faff6eebf 100644 (file)
--- a/pdns/dnsdistdist/dnsdist-crypto.cc
+++ b/pdns/dnsdistdist/dnsdist-crypto.cc
@@ -509,6 +509,9 @@ int B64Decode(const std::string& strInput, Container& strOutput)
 #endif
   } // while
   if (pad) {
+    if (pad > strOutput.size()) {
+      return -1; // padding-only (or otherwise invalid) Base64
+    }
     strOutput.resize(strOutput.size() - pad);
   }