From d0666f289ac013094bbbf547bfbcd616199b7d2d Mon Sep 17 00:00:00 2001
From: Geoff Thorpe <geoff@openssl.org>
Date: Sun, 4 May 2014 18:44:14 -0400
Subject: [PATCH 1/1] evp: prevent underflow in base64 decoding

This patch resolves RT ticket #2608.

Thanks to Robert Dugal for originally spotting this, and to David
Ramos for noticing that the ball had been dropped.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
---
 crypto/evp/encode.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index 28546a84bc..4654bdc61a 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -324,6 +324,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 				v=EVP_DecodeBlock(out,d,n);
 				n=0;
 				if (v < 0) { rv=0; goto end; }
+				if (eof > v) { rv=-1; goto end; }
 				ret+=(v-eof);
 				}
 			else
-- 
2.34.1