Hi Simon,
* Simon Josefsson wrote on Fri, Mar 24, 2006 at 12:06:31PM CET:
> FYI: The update of RFC 3548 will include lib/base64.?, so additional
> review of these two files would be appreciated.
If CHAR_BIT > 8, then an unsanitized array `in' as argument to
base64_encode could read past the bounds of b64str. I believe
the patch below should fix this. If you're worried about the
compiler not optimizing this away on systems with CHAR_BIT == 8
(which I have not checked), it would probably help to mask the
input with 0x7f here.
FWIW, I have not done a thorough review.
Cheers,
Ralf
* lib/base64.c (base64_encode): Do not read past end of
array with unsanitized input on systems with CHAR_BIT > 8.
Index: lib/base64.c
===================================================================
RCS file: /cvsroot/gnulib/gnulib/lib/base64.c,v
retrieving revision 1.6
diff -u -r1.6 base64.c
--- lib/base64.c 12 Jan 2006 08:59:35 -0000 1.6
+++ lib/base64.c 24 Mar 2006 12:17:42 -0000
@@ -73,7 +73,7 @@
while (inlen && outlen)
{
- *out++ = b64str[to_uchar (in[0]) >> 2];
+ *out++ = b64str[(to_uchar (in[0]) >> 2) & 0x3f];
if (!--outlen)
break;
*out++ = b64str[((to_uchar (in[0]) << 4)
_______________________________________________
bug-gnulib mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/bug-gnulib
