diff options
author | Tomas Hoger <thoger@redhat.com> | 2018-03-07 11:30:18 +0100 |
---|---|---|
committer | Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> | 2018-03-12 22:16:55 +0100 |
commit | 889d293b45a5b0124aea16c41294860b3905a262 (patch) | |
tree | 0c52eeddc6f351248a62f71f0cb8d3dbfd12ed87 /doc/doc-txt/DANE-draft-notes | |
parent | 71bb51e08dc03f768d19f237fed415bc74246de3 (diff) |
Fix dec64table[] OOB read in b64decode()
Possible values for y at this point are 0..255. However, dec64table[]
only has 128 entries and hence valid indexes are 0..127. The values of
y greater than 127 trigger out of bounds read. As dec64table[] is in
the data segment, the OOB access is not detected by tools as valgrind or
ASAN. This adds a check to ensure y is less than or equal to 127, just
like in other cases where dec64table[] is accessed.
Note that removal of the y == 0 condition is not a problem, as
dec64table[0] == 255, so the second part of the condition is true.
Diffstat (limited to 'doc/doc-txt/DANE-draft-notes')
0 files changed, 0 insertions, 0 deletions