[PATCH v2 1/2] lib: base64: Fix out-of-bounds potential by respecting dst_len
Sascha Hauer
s.hauer at pengutronix.de
Wed Dec 3 00:59:22 PST 2025
On Tue, Dec 02, 2025 at 10:22:44AM +0100, Jonas Rebmann wrote:
> __decode_base64 generally writes the input in 3 bytes increments,
> corresponding to 4 bytes increments in the base64 input buffer. This
> means that in order to respect dst_len as the size of the output buffer,
> the case of exceeding dst_len within a loop iteration must be
> considered.
>
> In such a case, refrain from writing the last one or two bytes if that
> write would be past dst_len.
>
> Signed-off-by: Jonas Rebmann <jre at pengutronix.de>
> ---
> lib/base64.c | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
I wonder if we should switch to the kernel functions from lib/base64.c
instead. They look much more straight forward than the busybox based
implementation.
Sascha
>
> diff --git a/lib/base64.c b/lib/base64.c
> index d5ab217528..3e29f0a56c 100644
> --- a/lib/base64.c
> +++ b/lib/base64.c
> @@ -163,19 +163,19 @@ static int __decode_base64(char *p_dst, int dst_len, const char *src, bool url)
> */
> if (count > 1)
> *dst++ = six_bit[0] << 2 | six_bit[1] >> 4;
> - if (count > 2)
> + if (count > 2 && dst_len > 1)
> *dst++ = six_bit[1] << 4 | six_bit[2] >> 2;
> - if (count > 3)
> + if (count > 3 && dst_len > 2)
> *dst++ = six_bit[2] << 6 | six_bit[3];
> + /* last character was "=" */
> + if (count != 0)
> + length += min(count - 1, dst_len);
> /*
> * Note that if we decode "AA==" and ate first '=',
> * we just decoded one char (count == 2) and now we'll
> * do the loop once more to decode second '='.
> */
> dst_len -= count-1;
> - /* last character was "=" */
> - if (count != 0)
> - length += count - 1;
> }
> ret:
> p_dst = dst;
>
> --
> 2.51.2.535.g419c72cb8a
>
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the barebox
mailing list