Commit efd24d57 authored by Daniel Stenberg

base64: check for integer overflow on large input

CVE-2016-8617

Bug: https://curl.haxx.se/docs/adv_20161102C.html
Reported-by: Cure53
parent 3d6460ed
+5 −0
@@ -190,6 +190,11 @@ static CURLcode base64_encode(const char *table64,
  if(!insize)
    insize = strlen(indata);

#if SIZEOF_SIZE_T == 4
  if(insize > UINT_MAX/4)
    return CURLE_OUT_OF_MEMORY;
#endif

  base64data = output = malloc(insize * 4 / 3 + 4);
  if(!output)
    return CURLE_OUT_OF_MEMORY;
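
Review bot: The new guard under `#if SIZEOF_SIZE_T == 4` compares `insize` against `UINT_MAX/4`, but the expression it protects is `insize * 4 / 3 + 4` in the `malloc` call, so the bound only matches if `unsigned int` and the type of `insize` have the same width, and the check is compiled out on every other configuration. Assuming `insize` is a `size_t` (the `strlen` assignment above suggests so), an unconditional `if(insize > (size_t)-1 / 4)` would tie the limit to the type actually used in the multiplication and remove the preprocessor conditional. A one-line comment stating that the check prevents `insize * 4` from wrapping and producing an undersized buffer would help, since the connection to the `malloc` size is not obvious from the guard alone. The placement after the `strlen` fallback is right, as it covers both caller-supplied and computed lengths. Returning `CURLE_OUT_OF_MEMORY` is consistent with the allocation-failure path just below; if a more specific code for oversized input exists it would make the two cases distinguishable for callers.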