summaryrefslogtreecommitdiff
path: root/lib/base64.c
diff options
context:
space:
mode:
authorSteve Holme <steve_holme@hotmail.com>2013-10-30 07:31:22 +0000
committerSteve Holme <steve_holme@hotmail.com>2013-10-30 07:31:22 +0000
commite17c1b25bc33ebcbb4e11ecbad63188ccaa0c3bd (patch)
tree436b382666972b1c8b94427efde9890ada09869c /lib/base64.c
parent7d1eb66cd72879bd909188d9e7c3cf05f13017b3 (diff)
downloadcurl-e17c1b25bc33ebcbb4e11ecbad63188ccaa0c3bd.tar.gz
base64: Added basic validation to base64 input string when decoding
A base64 string should be a multiple of 4 characters in length, not contain any more than 2 padding characters and only contain padding characters at the end of string. For example: Y3VybA== Strings such as the following are considered invalid: Y= - Invalid length Y== - Invalid length Y=== - More than two padding characters Y=x= - Padding character contained within string
Diffstat (limited to 'lib/base64.c')
-rw-r--r--lib/base64.c19
1 files changed, 15 insertions, 4 deletions
diff --git a/lib/base64.c b/lib/base64.c
index 3f3f0f9b8..2a7add189 100644
--- a/lib/base64.c
+++ b/lib/base64.c
@@ -82,6 +82,7 @@ static void decodeQuantum(unsigned char *dest, const char *src)
CURLcode Curl_base64_decode(const char *src,
unsigned char **outptr, size_t *outlen)
{
+ size_t srcLen = 0;
size_t length = 0;
size_t equalsTerm = 0;
size_t i;
@@ -92,21 +93,31 @@ CURLcode Curl_base64_decode(const char *src,
*outptr = NULL;
*outlen = 0;
+ srcLen = strlen(src);
+ /* Check the length of the input string is valid */
+ if(!srcLen || srcLen % 4)
+ return CURLE_BAD_CONTENT_ENCODING;
+
+ /* Find the position of any = padding characters */
while((src[length] != '=') && src[length])
length++;
+
/* A maximum of two = padding characters is allowed */
if(src[length] == '=') {
equalsTerm++;
if(src[length+equalsTerm] == '=')
equalsTerm++;
}
- numQuantums = (length + equalsTerm) / 4;
+
+ /* Check the = padding characters weren't part way through the input */
+ if(length + equalsTerm != srcLen)
+ return CURLE_BAD_CONTENT_ENCODING;
- /* Don't allocate a buffer if the decoded length is 0 */
- if(numQuantums == 0)
- return CURLE_OK;
+ /* Calculate the number of quantums */
+ numQuantums = (length + equalsTerm) / 4;
+ /* Calculate the size of the decoded string */
rawlen = (numQuantums * 3) - equalsTerm;
/* The buffer must be large enough to make room for the last quantum