From: Shivani Bhardwaj <shivanib134@gmail.com>
Date: Thu, 3 Dec 2020 11:13:17 +0000 (+0530)
Subject: datasets/string: fix buffer overflow
X-Git-Tag: suricata-6.0.1~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b0a6ed1e2a2a96419a6c8c80b1bd4067d518c5a0;p=thirdparty%2Fsuricata.git

datasets/string: fix buffer overflow

The size of encoded_data array and the maximum output length parameter
to Base64Encode function were incorrect leading to buffer overflow for
certain cases. The algorithm requires at least 5 bytes of space to even
convert a string of length 1.

Use BASE64_BUFFER_SIZE macro to correctly calculate this output length.
Set size of encoded_data array to the calculated output length.
---

diff --git a/src/datasets-string.c b/src/datasets-string.c
index 547a39d342..66e5a8713a 100644
--- a/src/datasets-string.c
+++ b/src/datasets-string.c
@@ -47,8 +47,8 @@ int StringAsBase64(const void *s, char *out, size_t out_size)
 {
     const StringType *str = s;
 
-    unsigned long len = out_size;
-    uint8_t encoded_data[str->len * 2];
+    unsigned long len = BASE64_BUFFER_SIZE(str->len);
+    uint8_t encoded_data[len];
     if (Base64Encode((unsigned char *)str->ptr, str->len,
         encoded_data, &len) != SC_BASE64_OK)
         return 0;