]> git.ipfire.org Git - thirdparty/pdns.git/commitdiff
dnsdist: Better handling of invalid Base64 content
authorRemi Gacogne <remi.gacogne@powerdns.com>
Tue, 3 Feb 2026 09:32:02 +0000 (10:32 +0100)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Tue, 3 Feb 2026 09:59:04 +0000 (10:59 +0100)
The existing code would throw an exception instead of returning
an error for some invalid content, which was harder to diagnose.

Reported by Surya Narayan Kushwaha (aka Cavid), thanks!

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
pdns/dnsdistdist/dnsdist-crypto.cc

index c864ac8c2ab1b6b111587065098223774bdf9a02..2c01a0e960ea281b37e35235b0896b6faff6eebf 100644 (file)
@@ -509,6 +509,9 @@ int B64Decode(const std::string& strInput, Container& strOutput)
 #endif
   } // while
   if (pad) {
+    if (pad > strOutput.size()) {
+      return -1; // padding-only (or otherwise invalid) Base64
+    }
     strOutput.resize(strOutput.size() - pad);
   }