Fix potential overflow in base64_encode

2025-07-28 00:21:48 +03:00 · 2015-09-30 16:30:28 +02:00
parent 50a739f8c3
commit 0aa45c209a
3 changed files with 16 additions and 5 deletions
--- a/library/base64.c
+++ b/library/base64.c
@ -85,15 +85,16 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
        return( 0 );
    }

-    n = ( slen << 3 ) / 6;
+    n = slen / 3 + ( slen % 3 != 0 );

-    switch( ( slen << 3 ) - ( n * 6 ) )
+    if( n > ( SIZE_T_MAX - 1 ) / 4 )
    {
-        case  2: n += 3; break;
-        case  4: n += 2; break;
-        default: break;
+        *olen = SIZE_T_MAX;
+        return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
    }

+    n *= 4;
+
    if( dlen < n + 1 )
    {
        *olen = n + 1;