git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Josh Law <objecting@objecting.org>
	Tue, 24 Mar 2026 22:32:09 +0000 (22:32 +0000)
committer	Andrew Morton <akpm@linux-foundation.org>
	Fri, 29 May 2026 04:24:43 +0000 (21:24 -0700)
commit	cae29a5787e38ce7ec7727a87ac7e393a85cb1ef
tree	1d446798d47a09e628e7aa45baffe12a139eeece	tree \| snapshot
parent	cd2464a059d6e88eecda87d71d3dbc87175289f0	commit \| diff

lib/base64: validate before writing in decode tail path

Patch series "lib/base64: decode fixes", v2.

Two small fixes for lib/base64.c:

1. base64_decode() writes a decoded byte to the output buffer before
   validating the input in the trailing-bytes path. Move the validity
   checks before any writes so dst is untouched on invalid input.

2. The @padding kernel-doc for base64_decode() was copy-pasted from
   base64_encode() and describes the wrong direction.

This patch (of 2):

The trailing-bytes path in base64_decode() writes a decoded byte to the
output buffer before checking whether the input characters are valid.  If
the input is malformed, garbage is written to dst before the function
returns -1.

Move the validity checks before any writes so the output buffer is left
untouched on invalid input.

Link: https://lore.kernel.org/20260324223210.47676-1-objecting@objecting.org
Link: https://lore.kernel.org/20260324223210.47676-2-objecting@objecting.org
Fixes: 9c7d3cf94d33 ("lib/base64: rework encode/decode for speed and stricter validation")
Signed-off-by: Josh Law <objecting@objecting.org>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>