evp: prevent underflow in base64 decoding
authorGeoff Thorpe <geoff@openssl.org>
Sun, 4 May 2014 22:44:14 +0000 (18:44 -0400)
committerGeoff Thorpe <geoff@openssl.org>
Tue, 6 May 2014 22:10:23 +0000 (18:10 -0400)
This patch resolves RT ticket #2608.

Thanks to Robert Dugal for originally spotting this, and to David
Ramos for noticing that the ball had been dropped.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
crypto/evp/encode.c

index 28546a8..4654bdc 100644 (file)
@@ -324,6 +324,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
                                v=EVP_DecodeBlock(out,d,n);
                                n=0;
                                if (v < 0) { rv=0; goto end; }
+                               if (eof > v) { rv=-1; goto end; }
                                ret+=(v-eof);
                                }
                        else