From: Richard Levitte <levitte@openssl.org>
Date: Fri, 11 Aug 2000 08:36:25 +0000 (+0000)
Subject: Abdelilah Essiari <aes@george.lbl.gov> reports that for very small
X-Git-Tag: OpenSSL-engine-0_9_6-beta1~12^2~70
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=35140f335461c6d03d08247e29a93794e4f96f86

Abdelilah Essiari <aes@george.lbl.gov> reports that for very small
records, EVP_EncodeUpdate() may misbehave.  This happens when there's
a record boundary between the two ending b64 equal signs, which makes
EVP_EncodeUpdate think there has been more than one EOF, and therefore
add an extra NUL at the end of the output buffer.  This fix corrects
that problem.
---

diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index 14a4cb11f6..6ff9c1783c 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -292,7 +292,17 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 		/* If we are at the end of input and it looks like a
 		 * line, process it. */
 		if (((i+1) == inl) && (((n&3) == 0) || eof))
+			{
 			v=B64_EOF;
+			/* In case things were given us in really small
+			   records (so two '=' were given in separate
+			   updates), eof may contain the incorrect number
+			   of ending bytes to skip, so let's redo the count */
+			eof = 0;
+			if (d[n-1] == '=') eof++;
+			if (d[n-2] == '=') eof++;
+			/* There will never be more than two '=' */
+			}
 
 		if ((v == B64_EOF) || (n >= 64))
 			{