From 64bda23cad8cb912a55328ee9a298ca4d9795477 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Fri, 20 Jun 2014 12:00:00 -0700 Subject: [PATCH] Base64 padding fix. https://rt.openssl.org/Ticket/Display.html?id=2608 Previously, this input to the base64 code: ================================================================================- Would cause the output length of EVP_DecodeUpdate to be negative. When that happened in the base64 BIO, it would crash. In PEM decoding, the ASN.1 code actually maintains signed lengths and manages to simply error out! --- crypto/base64/base64.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/crypto/base64/base64.c b/crypto/base64/base64.c index fb9aa366..94c3055c 100644 --- a/crypto/base64/base64.c +++ b/crypto/base64/base64.c @@ -250,6 +250,11 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len, seof = n; } eof++; + if (eof > 2) { + /* There are, at most, two equals signs at the end of base64 data. */ + rv = -1; + goto end; + } } if (v == B64_CR) {
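Review bot: The new `if (eof > 2)` check after `eof++` arrives without a regression test: the diffstat shows only crypto/base64/base64.c changed, even though the commit message gives the exact triggering input (a line of `=` characters followed by `-`). Suggest adding that input as a test case that expects EVP_DecodeUpdate to fail and checks that the reported output length is not negative. The in-code comment states the base64 rule but not why the bound matters here; one more sentence noting that excess padding previously drove the output length negative would help later readers. It is also worth confirming that the `end:` path, which is not visible in this hunk, leaves `*out_len` at a non-negative value when `rv = -1`, since the commit message says the base64 BIO crashed on a negative length.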