base64: fix underflow in EVP_EncodeBlock.

When I switched the base64 code to use size_t, I missed that one of the loops was counting down, not up, and depended on the loop variable going negative. Additionally this change fixes a bug in NETSCAPE_SPKI_b64_encode where the size of the result buffer was incorrectly calculated and a possible memory leak. Change-Id: Ibdf644244291274f50b314f3bb13a61b46858ca1 Reviewed-on: https://boringssl-review.googlesource.com/1220 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
author: Adam Langley <agl@chromium.org> 2014-07-16 21:16:06 +0400
committer: Adam Langley <agl@google.com> 2014-07-16 22:14:32 +0400
commit: 8750fe58f4bd74a3dd1aeba47ace94907d0a7de5 (patch)
tree: 2f1603f6ec6e89c16c2755e16e6bfc01a41c44d5 /crypto/x509
parent: 8f3234b2c8efc4aea4e49e0b7e03b29131c99662 (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/crypto/x509/x509spki.c b/crypto/x509/x509spki.c
index ffadcb4f..243a7d26 100644
--- a/crypto/x509/x509spki.c
+++ b/crypto/x509/x509spki.c
@@ -105,8 +105,13 @@ char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
 	int der_len;
 	der_len = i2d_NETSCAPE_SPKI(spki, NULL);
 	der_spki = OPENSSL_malloc(der_len);
-	b64_str = OPENSSL_malloc(der_len * 2);
-	if(!der_spki || !b64_str) {
+	if (der_spki == NULL) {
+		OPENSSL_PUT_ERROR(X509, NETSCAPE_SPKI_b64_encode, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	b64_str = OPENSSL_malloc((der_len + 2) / 3 * 4 + 1);
+	if (b64_str == NULL) {
+		OPENSSL_free(der_spki);
 		OPENSSL_PUT_ERROR(X509, NETSCAPE_SPKI_b64_encode, ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
author	Adam Langley <agl@chromium.org>	2014-07-16 21:16:06 +0400
committer	Adam Langley <agl@google.com>	2014-07-16 22:14:32 +0400
commit	8750fe58f4bd74a3dd1aeba47ace94907d0a7de5 (patch)
tree	2f1603f6ec6e89c16c2755e16e6bfc01a41c44d5 /crypto/x509
parent	8f3234b2c8efc4aea4e49e0b7e03b29131c99662 (diff)