I sent the email below to [email protected] to file a bug as documented on http://www.openssl.org/support/rt.html. However, I have not seen a request created in the request tracker yet or the original email on this mailing list. I'm forwarding it to this list in case OpenSSL developers have any comments on the bug or my proposed fix.
FYI: I did not find this bug myself but I have been asked to provide a patch for OpenSSL.

-----Original Message-----
From: Robert Dugal
Sent: Tuesday, September 13, 2011 2:27 PM
To: '[email protected]'
Subject: bug report: segfault from base64 decoding

If you append 64 '=' characters to the output of a base64 encoding then you get a segfault when decoding the output.

i.e. The following will cause a segfault:

    echo ZW5jb2RlIG1lCg================================================================== | openssl enc -d -base64

I tested this using openssl-1.0.0d, openssl-1.0.0e, and openssl-0.9.8r on both Linux and Windows.

This problem is from this code in EVP_DecodeUpdate() of encode.c:

    v=EVP_DecodeBlock(out,d,n);
    n=0;
    if (v < 0) { rv=0; goto end; }
    ret+=(v-eof);

In this case 'eof' is greater than 'v' and as a result 'ret' is a negative number. Then in bio_b64.c in function b64_read() it will segfault when it calls memcpy().

I can avoid the segfault by patching EVP_DecodeUpdate() like this:

    v=EVP_DecodeBlock(out,d,n);
    n=0;
    if (v < 0) { rv=0; goto end; }
    ret+=(v-eof);
    if (ret<0){ ret=0; rv= -1; goto end; }

I don't know if this is the correct fix but it stops the segfault.
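The length accounting described in the report, as an added example that is not part of the original email and is not OpenSSL source. It is a simplified model that treats the whole input as one block; the function names model_decoded_len, copy_decoded and sample are hypothetical, and the input is constructed from the report's test string.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption, not OpenSSL code): every 4 input characters
 * yield 3 bytes (v) and each '=' seen is counted in eof and subtracted.
 * check_negative == 0 mirrors the unchecked `ret += (v - eof)`;
 * check_negative != 0 applies the check proposed in the report. */
int model_decoded_len(const char *in, int check_negative)
{
    int n = (int)strlen(in), eof = 0, i, v, ret;

    for (i = 0; i < n; i++)
        if (in[i] == '=')
            eof++;
    v = (n / 4) * 3;          /* bytes a block decoder reports for n chars */
    ret = v - eof;
    if (check_negative && ret < 0)
        return -1;            /* treat as a decode error */
    return ret;
}

/* Defensive consumer: validate a signed length before it reaches memcpy(),
 * where a negative int would be converted to a very large size_t. */
int copy_decoded(unsigned char *dst, size_t cap, const unsigned char *src, int len)
{
    if (len < 0 || (size_t)len > cap)
        return -1;
    memcpy(dst, src, (size_t)len);
    return len;
}

/* Constructed input: the report's 14 data characters plus n_pad '=' (n_pad <= 113). */
const char *sample(int n_pad)
{
    static char buf[128];
    size_t k = strlen("ZW5jb2RlIG1lCg");
    memcpy(buf, "ZW5jb2RlIG1lCg", k);
    memset(buf + k, '=', (size_t)n_pad);
    buf[k + (size_t)n_pad] = '\0';
    return buf;
}

int main(void)
{
    printf("valid:     %d\n", model_decoded_len(sample(2), 0));
    printf("unchecked: %d\n", model_decoded_len(sample(66), 0));
    printf("checked:   %d\n", model_decoded_len(sample(66), 1));
    return 0;
}
```

The second function shows the same guard applied on the consuming side, so a negative length is rejected even if the producer does not check it.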
