mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2026-03-20 19:21:09 +01:00
Correct base64 input (excluding ignored characters such as spaces) consists of exactly 4*k, 4*k-1 or 4*k-2 digits, followed by 0, 1 or 2 equal signs respectively.

Previously, any number of trailing equal signs up to 2 was accepted, but if there were fewer than 4*k digits-or-equals, the last partial block was counted in `*olen` in buffer-too-small mode, but was not output despite returning 0.

Now `mbedtls_base64_decode()` insists on correct padding. This is backward-compatible since the only plausible useful inputs that used to be accepted were inputs with 4*k-1 or 4*k-2 digits and no trailing equal signs, and those led to invalid (truncated) output.

Furthermore the function now always reports the exact output size in buffer-too-small mode.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
9 lines
476 B
Plaintext
Bugfix
   * Fix mbedtls_base64_decode() on inputs that did not have the correct
     number of trailing equal signs, or had 4*k+1 digits. They were accepted
     as long as they had at most two trailing equal signs. They are now
     rejected. Furthermore, before, on inputs with too few equal signs, the
     function reported the correct size in *olen when it returned
     MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL, but truncated the output to the
     last multiple of 3 bytes.
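The padding rule stated in the commit message, written out as a standalone checker that also returns the exact decoded size. This is an added example, not Mbed TLS code: `b64_check_padding()` and its return codes are hypothetical names, and treating space, CR and LF as ignorable anywhere in the input is a simplifying assumption.

```c
#include <stddef.h>

/* Return codes are local to this example (not Mbed TLS error codes). */
#define B64_OK            0
#define B64_BAD_CHAR     -1
#define B64_BAD_PADDING  -2

static int is_b64_digit(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '+' || c == '/';
}

/* Assumption for this example: space, CR and LF are the ignored characters. */
static int is_ignored(unsigned char c)
{
    return c == ' ' || c == '\r' || c == '\n';
}

/* Validate digit/padding structure and report the exact decoded length. */
int b64_check_padding(const char *src, size_t slen, size_t *olen)
{
    size_t digits = 0, equals = 0;

    *olen = 0;
    for (size_t i = 0; i < slen; i++) {
        unsigned char c = (unsigned char) src[i];
        if (is_ignored(c))
            continue;
        if (c == '=') {
            if (++equals > 2)          /* never more than two '=' */
                return B64_BAD_PADDING;
        } else if (is_b64_digit(c)) {
            if (equals != 0)           /* a digit after '=' is malformed */
                return B64_BAD_CHAR;
            digits++;
        } else {
            return B64_BAD_CHAR;
        }
    }
    /* 4k digits + 0 '=', 4k-1 + 1 or 4k-2 + 2: the total is a multiple of 4.
     * 4k+1 digits would need three '=', which the cap above forbids. */
    if ((digits + equals) % 4 != 0)
        return B64_BAD_PADDING;

    /* Each full group gives 3 bytes; a final 3-digit group 2, 2-digit 1. */
    *olen = digits / 4 * 3 + (digits % 4 == 3 ? 2 : digits % 4 == 2 ? 1 : 0);
    return B64_OK;
}
```

Because the length is computed only after the structure check passes, the reported size always matches what a decoder would write, which is the property the fix restores for buffer-too-small mode.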