From: Igor Ustinov Date: Sat, 28 Mar 2026 12:49:00 +0000 (+0100) Subject: evp_decodeblock_int(): Bugfix of padding check X-Git-Tag: openssl-4.0.0~64 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9fbb4e0e913ae2b10d08194a4ea3edf921c3b098;p=thirdparty%2Fopenssl.git evp_decodeblock_int(): Bugfix of padding check The padding check didn't take into account that by this point the f pointer had already shifted by 4 positions. Luckily, the original f[2] and f[3] were saved in c and d . This code is not reachable in normal operation, but that is not a reason not to fix it. Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz MergeDate: Fri Apr 3 15:31:13 2026 (Merged from https://github.com/openssl/openssl/pull/30618) (cherry picked from commit 1b97a9ae19b8779835e0c9ad6b4f0460d984fd6a) --- diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index faf9a3887d5..4f2c412c3cb 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -682,7 +682,7 @@ static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t, l = ((((unsigned long)a) << 18L) | (((unsigned long)b) << 12L) | (((unsigned long)c) << 6L) | (((unsigned long)d))); if (eof == -1) - eof = (f[2] == '=') + (f[3] == '='); + eof = (c == '=') + (d == '='); switch (eof) { case 2: