On Tue, Dec 02, 2025 at 10:22:44AM +0100, Jonas Rebmann wrote: > __decode_base64 generally writes the input in 3 bytes increments, > corresponding to 4 bytes increments in the base64 input buffer. This > means that in order to respect dst_len as the size of the output buffer, > the case of exceeding dst_len within a loop iteration must be > considered. > > In such a case, refrain from writing the last one or two bytes if that > write would be past dst_len. > > Signed-off-by: Jonas Rebmann <[email protected]> > --- > lib/base64.c | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-)
I wonder if we should switch to the kernel functions from lib/base64.c instead. They look much more straight forward than the busybox based implementation. Sascha > > diff --git a/lib/base64.c b/lib/base64.c > index d5ab217528..3e29f0a56c 100644 > --- a/lib/base64.c > +++ b/lib/base64.c > @@ -163,19 +163,19 @@ static int __decode_base64(char *p_dst, int dst_len, > const char *src, bool url) > */ > if (count > 1) > *dst++ = six_bit[0] << 2 | six_bit[1] >> 4; > - if (count > 2) > + if (count > 2 && dst_len > 1) > *dst++ = six_bit[1] << 4 | six_bit[2] >> 2; > - if (count > 3) > + if (count > 3 && dst_len > 2) > *dst++ = six_bit[2] << 6 | six_bit[3]; > + /* last character was "=" */ > + if (count != 0) > + length += min(count - 1, dst_len); > /* > * Note that if we decode "AA==" and ate first '=', > * we just decoded one char (count == 2) and now we'll > * do the loop once more to decode second '='. > */ > dst_len -= count-1; > - /* last character was "=" */ > - if (count != 0) > - length += count - 1; > } > ret: > p_dst = dst; > > -- > 2.51.2.535.g419c72cb8a > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
