From: Shivani Bhardwaj <shivani@oisf.net>
Date: Thu, 30 Mar 2023 07:41:12 +0000 (+0530)
Subject: util/base64: check for dest buf size in last block
X-Git-Tag: suricata-6.0.14~51
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cb9dd4be1d84a1b04e8aa55d9d20db4ddd83547b;p=thirdparty%2Fsuricata.git

util/base64: check for dest buf size in last block

Just like the check for destination buffer size done previously for
complete data, it should also be done for the trailing data to avoid
goind out of bounds.

(cherry picked from commit 0e8b451699218b3f3430d7614f76cffed7ba991c)
---

diff --git a/src/util-base64.c b/src/util-base64.c
index 1c99dc6367..678bc14c66 100644
--- a/src/util-base64.c
+++ b/src/util-base64.c
@@ -158,7 +158,13 @@ Base64Ecode DecodeBase64(uint8_t *dest, uint32_t dest_size, const uint8_t *src,
     if (bbidx > 0 && bbidx < 4 && ((!valid && mode == BASE64_MODE_RFC4648))) {
         /* Decoded bytes for 1 or 2 base64 encoded bytes is 1 */
         padding = bbidx > 1 ? B64_BLOCK - bbidx : 2;
-        *decoded_bytes += ASCII_BLOCK - padding;
+        uint32_t numDecoded_blk = ASCII_BLOCK - (padding < B64_BLOCK ? padding : ASCII_BLOCK);
+        if (dest_size < *decoded_bytes + numDecoded_blk) {
+            SCLogDebug("Destination buffer full");
+            ecode = BASE64_ECODE_BUF;
+            return ecode;
+        }
+        *decoded_bytes += numDecoded_blk;
         DecodeBase64Block(dptr, b64);
         *consumed_bytes += bbidx;
     }