# HG changeset patch # User Matt Johnston # Date 1591802765 -28800 # Node ID d885a77b98e0ac8d54189d6f8321b87a8226b573 # Parent e9dba7abd939ed410d116cc04ae8b60915180d9c avoid zero length array in base64_decode diff -r e9dba7abd939 -r d885a77b98e0 libtomcrypt/src/misc/base64/base64_decode.c --- a/libtomcrypt/src/misc/base64/base64_decode.c Wed Jun 10 23:16:13 2020 +0800 +++ b/libtomcrypt/src/misc/base64/base64_decode.c Wed Jun 10 23:26:05 2020 +0800 @@ -43,8 +43,8 @@ 255, 255, 255, 255 }; #endif /* LTC_BASE64 */ +#if defined(LTC_BASE64_URL) static const unsigned char map_base64url[] = { -#if defined(LTC_BASE64_URL) 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, @@ -67,8 +67,8 @@ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255 +}; #endif /* LTC_BASE64_URL */ -}; enum { relaxed = 0, @@ -117,8 +117,14 @@ } if (y != 0) { + int allow_b64url = 0; +#ifdef LTC_BASE64_URL + if (map == map_base64url) { + allow_b64url = 1; + } +#endif if (y == 1) return CRYPT_INVALID_PACKET; - if ((y + g) != 4 && is_strict && map != map_base64url) return CRYPT_INVALID_PACKET; + if ((y + g) != 4 && is_strict && !allow_b64url) return CRYPT_INVALID_PACKET; t = t << (6 * (4 - y)); if (z + y - 1 > *outlen) return CRYPT_BUFFER_OVERFLOW; if (y >= 2) out[z++] = (unsigned char) ((t >> 16) & 255);