From: Stephan Bosch <stephan.bosch@open-xchange.com>
Date: Wed, 4 Sep 2019 16:34:30 +0000 (+0200)
Subject: lib: base64 - Truly fix dest buffer assertion in base64_decode_more().
X-Git-Tag: 2.3.9~192
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=81624346656e2c15c0d176189cf24f4417de7db8;p=thirdparty%2Fdovecot%2Fcore.git

lib: base64 - Truly fix dest buffer assertion in base64_decode_more().

Previous fix was inadequate in the presence of padding at the end of input.
---

diff --git a/src/lib/base64.c b/src/lib/base64.c
index fb6cd635e6..f0baf6578b 100644
--- a/src/lib/base64.c
+++ b/src/lib/base64.c
@@ -561,6 +561,12 @@ int base64_decode_more(struct base64_decoder *dec,
 			continue;
 		}
 
+		if (dst_avail == 0) {
+			i_assert(src_pos_r != NULL);
+			*src_pos_r = src_pos;
+			return 1;
+		}
+
 		switch (dec->sub_pos) {
 		case 0:
 			dec->buf = dm;
@@ -590,13 +596,6 @@ int base64_decode_more(struct base64_decoder *dec,
 		default:
 			i_unreached();
 		}
-		if (dst_avail == 0) {
-			if (src_pos_r != NULL)
-				*src_pos_r = src_pos + 1;
-			else
-				i_assert(src_pos + 1 == src_size);
-			return 1;
-		}
 	}
 
 	if (dec->seen_padding) {
diff --git a/src/lib/test-base64.c b/src/lib/test-base64.c
index 534d23139a..5b9b38224d 100644
--- a/src/lib/test-base64.c
+++ b/src/lib/test-base64.c
@@ -834,18 +834,27 @@ test_base64_random_lowlevel_one_block(const struct base64_scheme *b64,
 {
 	struct base64_encoder enc;
 	struct base64_decoder dec;
+	void *space;
+	size_t enc_size;
+	buffer_t buf;
 	int ret;
 
 	buffer_set_used_size(buf1, 0);
 	buffer_set_used_size(buf2, 0);
 
 	base64_encode_init(&enc, b64, enc_flags, max_line_len);
-	base64_encode_more(&enc, in_buf, in_buf_size, NULL, buf1);
-	base64_encode_finish(&enc, buf1);
+	enc_size = base64_get_full_encoded_size(&enc, in_buf_size);
+	space = buffer_append_space_unsafe(buf1, enc_size);
+	buffer_create_from_data(&buf, space, enc_size);
+
+	base64_encode_more(&enc, in_buf, in_buf_size, NULL, &buf);
+	base64_encode_finish(&enc, &buf);
 
 	base64_decode_init(&dec, b64, dec_flags);
-	ret = base64_decode_more(&dec, buf1->data, buf1->used,
-				 NULL, buf2);
+	space = buffer_append_space_unsafe(buf2, in_buf_size);
+	buffer_create_from_data(&buf, space, in_buf_size);
+
+	ret = base64_decode_more(&dec, buf1->data, buf1->used, NULL, &buf);
 	if (ret >= 0)
 		ret = base64_decode_finish(&dec);