Base64 padding fix.

https://rt.openssl.org/Ticket/Display.html?id=2608 Previously, this input to the base64 code: ================================================================================- Would cause the output length of EVP_DecodeUpdate to be negative. When that happened in the base64 BIO, it would crash. In PEM decoding, the ASN.1 code actually maintains signed lengths and manages to simply error out!
author: Adam Langley <agl@chromium.org> 2014-06-20 23:00:00 +0400
committer: Adam Langley <agl@chromium.org> 2014-06-21 00:17:36 +0400
commit: 64bda23cad8cb912a55328ee9a298ca4d9795477 (patch)
tree: 406439eb423a12f59482a5358e2760632571d2aa /crypto/base64
parent: c3174b7b2d3b4517b597dc3e0d0db18a718d6ab5 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/crypto/base64/base64.c b/crypto/base64/base64.c
index fb9aa366..94c3055c 100644
--- a/crypto/base64/base64.c
+++ b/crypto/base64/base64.c
@@ -250,6 +250,11 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len,
         seof = n;
       }
       eof++;
+      if (eof > 2) {
+        /* There are, at most, two equals signs at the end of base64 data. */
+        rv = -1;
+        goto end;
+      }
     }
 
     if (v == B64_CR) {
author	Adam Langley <agl@chromium.org>	2014-06-20 23:00:00 +0400
committer	Adam Langley <agl@chromium.org>	2014-06-21 00:17:36 +0400
commit	64bda23cad8cb912a55328ee9a298ca4d9795477 (patch)
tree	406439eb423a12f59482a5358e2760632571d2aa /crypto/base64
parent	c3174b7b2d3b4517b597dc3e0d0db18a718d6ab5 (diff)