From: Jann Horn <jann@thejh.net>
Date: Wed, 16 Jul 2014 19:55:42 +0000 (+0200)
Subject: Remove quadratic complexity from openvpn_base64_decode()
X-Git-Tag: v2.3.5~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=72cbc106d95fb18892c739f128d29d4f54179771;p=thirdparty%2Fopenvpn.git

Remove quadratic complexity from openvpn_base64_decode()

Every four input characters, openvpn_base64_decode called token_decode,
which in turn called strlen() on the remaining input. This means that
base64 decoding in openvpn had quadratic complexity.

All we really need to know is whether the token is complete, so replace
the check to check just that, and make the complexity linear wrt the
input length.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <5408494D.7050407@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9016
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 25e1ec71dd150e803c0a25308c193fea124c7b7a)
---

diff --git a/src/openvpn/base64.c b/src/openvpn/base64.c
index bb89aae38..7dccec299 100644
--- a/src/openvpn/base64.c
+++ b/src/openvpn/base64.c
@@ -110,7 +110,7 @@ token_decode(const char *token)
     int i;
     unsigned int val = 0;
     int marker = 0;
-    if (strlen(token) < 4)
+    if (!token[0] || !token[1] || !token[2] || !token[3])
 	return DECODE_ERROR;
     for (i = 0; i < 4; i++) {
 	val *= 64;