WARNING! Gitlab maintenance operation scheduled for Thursday, 18 June between 19:00 and 20:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.

Commit efd24d57 authored Sep 28, 2016 by Daniel Stenberg

base64: check for integer overflow on large input

CVE-2016-8617

Bug: https://curl.haxx.se/docs/adv_20161102C.html
Reported-by: Cure53

parent 3d6460ed

lib/base64.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -190,6 +190,11 @@ static CURLcode base64_encode(const char *table64,
		if(!insize)
		insize = strlen(indata);

		#if SIZEOF_SIZE_T == 4
		if(insize > UINT_MAX/4)
		return CURLE_OUT_OF_MEMORY;
		#endif

		base64data = output = malloc(insize * 4 / 3 + 4);
		if(!output)
		return CURLE_OUT_OF_MEMORY;

Admin message