From c8b05eef612568efed003638fe6db20fa241badf Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Thu, 30 Jul 2009 10:36:39 +0200 Subject: [PATCH] (base64_encode): bound input length to /4 of max int and positive --- lib/roken/base64.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/roken/base64.c b/lib/roken/base64.c index 5e720eb6d..bc74391b5 100644 --- a/lib/roken/base64.c +++ b/lib/roken/base64.c @@ -58,6 +58,11 @@ base64_encode(const void *data, int size, char **str) int c; const unsigned char *q; + if (size > INT_MAX/4 || size < 0) { + *str = NULL; + return -1; + } + p = s = (char *) malloc(size * 4 / 3 + 4); if (p == NULL) { *str = NULL;