RT3757: base64 encoding bugs (3cdd1e94) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Commit 3cdd1e94 authored Sep 02, 2015 by

Emilia Kasper

RT3757: base64 encoding bugs



Rewrite EVP_DecodeUpdate.

In particular: reject extra trailing padding, and padding in the middle
of the content. Don't limit line length. Add tests.

Previously, the behaviour was ill-defined, and depended on the position
of the padding within the input.

In addition, this appears to fix a possible two-byte oob read.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr Stephen Henson <steve@openssl.org>

parent 4bd16463

Hide whitespace changes

Inline Side-by-side

Please register or to comment