From: Shivani Bhardwaj <shivani@oisf.net>
Date: Thu, 30 Mar 2023 07:41:12 +0000 (+0530)
Subject: util/base64: check for dest buf size in last block
X-Git-Tag: suricata-7.0.0~60
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0e8b451699218b3f3430d7614f76cffed7ba991c;p=thirdparty%2Fsuricata.git

util/base64: check for dest buf size in last block

Just like the check for destination buffer size done previously for
complete data, it should also be done for the trailing data to avoid
goind out of bounds.
---

diff --git a/src/util-base64.c b/src/util-base64.c
index b8434a564a..c9831ddca1 100644
--- a/src/util-base64.c
+++ b/src/util-base64.c
@@ -159,7 +159,13 @@ Base64Ecode DecodeBase64(uint8_t *dest, uint32_t dest_size, const uint8_t *src,
     if (bbidx > 0 && bbidx < 4 && ((!valid && mode == BASE64_MODE_RFC4648))) {
         /* Decoded bytes for 1 or 2 base64 encoded bytes is 1 */
         padding = bbidx > 1 ? B64_BLOCK - bbidx : 2;
-        *decoded_bytes += ASCII_BLOCK - padding;
+        uint32_t numDecoded_blk = ASCII_BLOCK - (padding < B64_BLOCK ? padding : ASCII_BLOCK);
+        if (dest_size < *decoded_bytes + numDecoded_blk) {
+            SCLogDebug("Destination buffer full");
+            ecode = BASE64_ECODE_BUF;
+            return ecode;
+        }
+        *decoded_bytes += numDecoded_blk;
         DecodeBase64Block(dptr, b64);
         *consumed_bytes += bbidx;
     }