]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 02942a1)
datasets/string: fix buffer overflow
authorShivani Bhardwaj <shivanib134@gmail.com>
Thu, 3 Dec 2020 11:13:17 +0000 (16:43 +0530)
committerVictor Julien <victor@inliniac.net>
Thu, 3 Dec 2020 14:17:38 +0000 (15:17 +0100)
The size of encoded_data array and the maximum output length parameter
to Base64Encode function were incorrect leading to buffer overflow for
certain cases. The algorithm requires at least 5 bytes of space to even
convert a string of length 1.

Use BASE64_BUFFER_SIZE macro to correctly calculate this output length.
Set size of encoded_data array to the calculated output length.

src/datasets-string.c patch | blob | blame | history

diff --git a/src/datasets-string.c b/src/datasets-string.c
index 547a39d3425d4029d28d4879e535a60c885a1d25..66e5a8713a98f09506c7205e2628f2b251a11672 100644 (file)
--- a/src/datasets-string.c
+++ b/src/datasets-string.c
@@ -47,8 +47,8 @@ int StringAsBase64(const void *s, char *out, size_t out_size)
 {
     const StringType *str = s;
 
-    unsigned long len = out_size;
-    uint8_t encoded_data[str->len * 2];
+    unsigned long len = BASE64_BUFFER_SIZE(str->len);
+    uint8_t encoded_data[len];
     if (Base64Encode((unsigned char *)str->ptr, str->len,
         encoded_data, &len) != SC_BASE64_OK)
         return 0;
Mirror of https://github.com/OISF/suricata.git