If you append 64 '=' characters to the output of a base64 encoding then you get
a segfault when decoding the output.
I.e., the following will cause a segfault:

    echo ZW5jb2RlIG1lCg================================================================== | openssl enc -d -base64

I tested this using openssl-1.0.0d, openssl-1.0.0e, and openssl-0.9.8r on both
Linux and Windows.
This problem is from this code in EVP_DecodeUpdate() of encode.c:

    v=EVP_DecodeBlock(out,d,n);
    n=0;
    if (v < 0) { rv=0; goto end; }
    ret+=(v-eof);

In this case 'eof' is greater than 'v' and as a result 'ret' is a negative
number.
Then in bio_b64.c in function b64_read() it will segfault when it calls memcpy().
I can avoid the segfault by patching EVP_DecodeUpdate() like this:

    v=EVP_DecodeBlock(out,d,n);
    n=0;
    if (v < 0) { rv=0; goto end; }
    ret+=(v-eof);
    if (ret<0){ ret=0; rv= -1; goto end; }

I don't know if this is the correct fix but it stops the segfault.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
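
Added example, not part of the original post and not OpenSSL code: a small C model of the length accounting described in the report, together with two defensive checks (rejecting malformed padding up front, and range-checking a signed length before memcpy()). The helper names and the values v = 3, eof = 64 are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Model of the accounting step quoted in the post: v = bytes produced by
 * the block decoder, eof = '=' characters seen. Hypothetical helper. */
static int account_unpatched(int ret, int v, int eof) {
    return ret + (v - eof);               /* negative when eof > v */
}

/* Same step with the post's guard; *rv is set to -1 only on failure. */
static int account_patched(int ret, int v, int eof, int *rv) {
    ret += (v - eof);
    if (ret < 0) { *rv = -1; return 0; }
    return ret;
}

/* Caller-side guard: a signed length is range-checked before memcpy().
 * Returns bytes copied, or -1 if len is negative or larger than cap. */
static int copy_decoded(unsigned char *dst, size_t cap,
                        const unsigned char *src, int len) {
    if (len < 0 || (size_t)len > cap) return -1;
    memcpy(dst, src, (size_t)len);
    return len;
}

/* Input-side guard: accept only 0-2 trailing '=' and a length that is a
 * multiple of 4 (trailing CR/LF ignored). Returns 1 if well-formed. */
static int padding_ok(const char *s) {
    size_t n = strlen(s), pad = 0;
    while (n > 0 && (s[n - 1] == '\n' || s[n - 1] == '\r')) n--;
    while (n > 0 && s[n - 1] == '=') { n--; pad++; }
    if (pad > 2 || memchr(s, '=', n) != NULL) return 0;
    return (n + pad) % 4 == 0;
}

int main(void) {
    char in[128] = "ZW5jb2RlIG1lCg==";    /* sample string from the post */
    unsigned char out[16], src[16] = {0};
    int rv = 1;
    int ok = padding_ok(in);              /* 1: two '=' is valid padding */
    memset(in + strlen(in), '=', 64);     /* append 64 more '=' */
    ok = ok && !padding_ok(in);           /* 66 '=' is rejected */
    /* v = 3 and eof = 64 are constructed values, not measured ones. */
    ok = ok && copy_decoded(out, sizeof out, src, account_unpatched(0, 3, 64)) == -1;
    ok = ok && account_patched(0, 3, 64, &rv) == 0 && rv == -1;
    return ok ? 0 : 1;
}
```

The program exits with status 0 when every check behaves as described; the negative total from the unpatched model is refused by copy_decoded() instead of being converted to a very large size_t.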