evp: prevent underflow in base64 decoding

This patch resolves RT ticket #2608. Thanks to Robert Dugal for originally spotting this, and to David Ramos for noticing that the ball had been dropped. Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2024-11-21 01:15:20 +08:00 · 2014-05-04 18:44:14 -04:00 · 2014-05-04 18:44:14 -04:00 · fce3821111
commit fce3821111
parent 12e9f627f9
1 changed files with 1 additions and 0 deletions
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@ -324,6 +324,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 				v=EVP_DecodeBlock(out,d,n);
 				n=0;
 				if (v < 0) { rv=0; goto end; }
+				if (eof > v) { rv=-1; goto end; }
 				ret+=(v-eof);
 				}
 			else