moriyoshi Wed Jun 4 10:42:04 2003 EDT Modified files: (Branch: PHP_4_3) /php4/ext/standard base64.c Log: MFH(r-1.38): fixed base64_encode() integer overflow issue pointed out in TODO_SEGFAULTS Index: php4/ext/standard/base64.c diff -u php4/ext/standard/base64.c:1.33.4.2 php4/ext/standard/base64.c:1.33.4.3 --- php4/ext/standard/base64.c:1.33.4.2 Tue Dec 31 11:35:24 2002 +++ php4/ext/standard/base64.c Wed Jun 4 10:42:04 2003 @@ -15,7 +15,7 @@ | Author: Jim Winstead <[EMAIL PROTECTED]> | +----------------------------------------------------------------------+ */ -/* $Id: base64.c,v 1.33.4.2 2002/12/31 16:35:24 sebastian Exp $ */ +/* $Id: base64.c,v 1.33.4.3 2003/06/04 14:42:04 moriyoshi Exp $ */ #include <string.h> @@ -52,18 +52,28 @@ }; /* }}} */ -/* {{{ */ +/* {{{ php_base64_encode */ unsigned char *php_base64_encode(const unsigned char *str, int length, int *ret_length) { const unsigned char *current = str; - int i = 0; - unsigned char *result = (unsigned char *)emalloc(((length + 3 - length % 3) * 4 / 3 + 1) * sizeof(char)); + unsigned char *p; + unsigned char *result; + + if ((length + 2) < 0 || ((length + 2) / 3) >= (1 << (sizeof(int) * 8 - 2))) { + if (ret_length != NULL) { + *ret_length = 0; + } + return NULL; + } + + result = (unsigned char *)safe_emalloc(((length + 2) / 3) * 4, sizeof(char), 1); + p = result; while (length > 2) { /* keep going until we have less than 24 bits */ - result[i++] = base64_table[current[0] >> 2]; - result[i++] = base64_table[((current[0] & 0x03) << 4) + (current[1] >> 4)]; - result[i++] = base64_table[((current[1] & 0x0f) << 2) + (current[2] >> 6)]; - result[i++] = base64_table[current[2] & 0x3f]; + *p++ = base64_table[current[0] >> 2]; + *p++ = base64_table[((current[0] & 0x03) << 4) + (current[1] >> 4)]; + *p++ = base64_table[((current[1] & 0x0f) << 2) + (current[2] >> 6)]; + *p++ = base64_table[current[2] & 0x3f]; current += 3; length -= 3; /* we just handle 3 octets of data */ @@ -71,22 +81,21 @@ /* now deal with the tail end of things */ if (length != 0) { - result[i++] = base64_table[current[0] >> 2]; + *p++ = base64_table[current[0] >> 2]; if (length > 1) { - result[i++] = base64_table[((current[0] & 0x03) << 4) + (current[1] >> 4)]; - result[i++] = base64_table[(current[1] & 0x0f) << 2]; - result[i++] = base64_pad; - } - else { - result[i++] = base64_table[(current[0] & 0x03) << 4]; - result[i++] = base64_pad; - result[i++] = base64_pad; + *p++ = base64_table[((current[0] & 0x03) << 4) + (current[1] >> 4)]; + *p++ = base64_table[(current[1] & 0x0f) << 2]; + *p++ = base64_pad; + } else { + *p++ = base64_table[(current[0] & 0x03) << 4]; + *p++ = base64_pad; + *p++ = base64_pad; } } - if(ret_length) { - *ret_length = i; + if (ret_length != NULL) { + *ret_length = (int)(p - result); } - result[i] = '\0'; + *p = '\0'; return result; } /* }}} */ @@ -125,7 +134,7 @@ */ /* }}} */ -/* {{{ */ +/* {{{ php_base64_decode */ /* as above, but backwards. :) */ unsigned char *php_base64_decode(const unsigned char *str, int length, int *ret_length) {
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php