aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2009-08-13 13:36:41 (GMT)
committerJouni Malinen <j@w1.fi>2009-11-22 18:27:11 (GMT)
commitf4403fe8645a6f974fc9cf9caa066eaf3dc102ea (patch)
tree744224ea8b55ae4ade8b091ce933b14426df41e9
parent8e894f1690ac4bccaabf312715dc24cc2e0ed3b9 (diff)
downloadhostap-06-f4403fe8645a6f974fc9cf9caa066eaf3dc102ea.zip
hostap-06-f4403fe8645a6f974fc9cf9caa066eaf3dc102ea.tar.gz
hostap-06-f4403fe8645a6f974fc9cf9caa066eaf3dc102ea.tar.bz2
Avoid a theoretical integer overflow in base64_encode()
If base64_encode() were to be used with a huge data array, the previous version could have resulted in overwriting the allocated buffer due to an integer overflow as pointed out in http://www.freebsd.org/cgi/query-pr.cgi?pr=137484. However, there are no know use cases in hostapd or wpa_supplicant that would do that. Anyway, the recommended change looks reasonable and provides additional protection should the base64_encode() function be used for something else in the future. (cherry picked from commit 6b23b70445ee091722bc4a9d3933ae16a880d238)
-rw-r--r--src/utils/base64.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/utils/base64.c b/src/utils/base64.c
index 0eadb81..13fc511 100644
--- a/src/utils/base64.c
+++ b/src/utils/base64.c
@@ -43,6 +43,8 @@ unsigned char * base64_encode(const unsigned char *src, size_t len,
olen = len * 4 / 3 + 4; /* 3-byte blocks to 4-byte */
olen += olen / 72; /* line feeds */
olen++; /* nul termination */
+ if (olen < len)
+ return NULL; /* integer overflow */
out = os_malloc(olen);
if (out == NULL)
return NULL;