From 6ccd146b49d9a73406a4ac2d37bb3874e62354c2 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 13 Dec 2019 09:33:00 +1000 Subject: [PATCH] Bade64_Decode - check out length (malformed input) --- wolfcrypt/src/coding.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c index 88b447a08..a32c2efaf 100644 --- a/wolfcrypt/src/coding.c +++ b/wolfcrypt/src/coding.c @@ -93,6 +93,11 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) return ASN_INPUT_E; } + if (i + 1 + !pad3 + !pad4 > *outLen) { + WOLFSSL_MSG("Bad Base64 Decode out buffer, too small"); + return BAD_FUNC_ARG; + } + e1 = base64Decode[e1 - BASE64_MIN]; e2 = base64Decode[e2 - BASE64_MIN]; e3 = (e3 == PAD) ? 0 : base64Decode[e3 - BASE64_MIN];