base64: fix issues

Adrien Béraud
Wed, May 3, 2017 3:26 PM

This patch fixes two bugs in PJSIP's base64 implementation:

  • prevent invalid memory access for empty input string
  • allow using an output buffer of just the right size

--- a/pjlib-util/src/pjlib-util/base64.c 2017-05-03 10:29:07.200417026 -0400
+++ b/pjlib-util/src/pjlib-util/base64.c 2017-05-03 10:28:30.344335390 -0400
@@ -131,7 +131,7 @@

 PJ_ASSERT_RETURN(input && out && out_len, PJ_EINVAL);
  • while (buf[len-1] == '=' && len)
  • while (len && buf[len-1] == '=')
    --len;

    PJ_ASSERT_RETURN(*out_len >= PJ_BASE64_TO_BASE256_LEN(len),
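Review bot: The reordered loop condition `while (len && buf[len-1] == '=')` only protects the read when len is exactly zero. The declaration of len is not visible in this hunk; if it is a signed type, a negative value still passes `len &&` and `buf[len-1]` is read before the start of the buffer, so `len > 0` would be the safer test. The loop can also leave len at 0 (empty input, or input made up only of '='), and the `PJ_ASSERT_RETURN(*out_len >= PJ_BASE64_TO_BASE256_LEN(len), ...` that follows is then evaluated with len == 0. A one-line comment above the loop stating that len is tested first so that buf[len-1] is never evaluated for an empty string, plus a test case for the empty and all-padding inputs, would keep this ordering from being reverted later.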
    @@ -161,7 +161,7 @@
    out[j++] = (pj_uint8_t)(((c[2] & 0x03)<<6) | (c[3] & 0x3F));
    }

  • pj_assert(j < *out_len);
  • pj_assert(j <= *out_len);
    *out_len = j;

    return PJ_SUCCESS;
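Review bot: The relaxed `pj_assert(j <= *out_len);` is still a post-condition: it runs after every `out[j++] = ...` store above it has already happened, so it can report an overrun but cannot prevent one. With this change a caller may pass a buffer of exactly j bytes, which means the only thing keeping the stores in bounds is the earlier `PJ_ASSERT_RETURN(*out_len >= PJ_BASE64_TO_BASE256_LEN(len), ...` from the first hunk. It would help to state in a comment here that PJ_BASE64_TO_BASE256_LEN(len) is an upper bound on j for every input the loop accepts, and to add a test that decodes into a buffer of exactly the decoded size so the boundary case stays covered.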


Adrien Béraud

Ming
Thu, May 4, 2017 5:24 AM

Hi Adrien,

Thanks for the patch. We committed it in r5589 (https://trac.pjsip.org/repos/changeset/5589).

Best regards,
Ming

On Wed, May 3, 2017 at 11:26 PM, Adrien Béraud <adrien.beraud@savoirfairelinux.com> wrote:

This patch fixes two bugs in PJSIP's base64 implementation:

  • prevent invalid memory access for empty input string
  • allow using an output buffer of just the right size

--- a/pjlib-util/src/pjlib-util/base64.c        2017-05-03
10:29:07.200417026 -0400
+++ b/pjlib-util/src/pjlib-util/base64.c        2017-05-03
10:28:30.344335390 -0400
@@ -131,7 +131,7 @@

  PJ_ASSERT_RETURN(input && out && out_len, PJ_EINVAL);
  • while (buf[len-1] == '=' && len)
  • while (len && buf[len-1] == '=')
    --len;

    PJ_ASSERT_RETURN(*out_len >= PJ_BASE64_TO_BASE256_LEN(len),
    @@ -161,7 +161,7 @@
    out[j++] = (pj_uint8_t)(((c[2] & 0x03)<<6) | (c[3] & 0x3F));
    }

  • pj_assert(j < *out_len);
  • pj_assert(j <= *out_len);
    *out_len = j;

    return PJ_SUCCESS;


Adrien Béraud


Visit our blog: http://blog.pjsip.org

pjsip mailing list
pjsip@lists.pjsip.org
http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
