[v1] lib/base64: decode fixes

[PATCH 1/2] lib/base64: validate before writing in decode tail path

Posted by Josh Law 1 week, 2 days ago

The trailing-bytes path in base64_decode() writes a decoded byte to
the output buffer before checking whether the input characters are
valid. If the input is malformed, garbage is written to dst before the
function returns -1.

Move the validity checks before any writes so the output buffer is
left untouched on invalid input.

Fixes: 98391 ("lib/base64: add base64 encoding/decoding helper")
Signed-off-by: Josh Law <objecting@objecting.org>
---
 lib/base64.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/base64.c b/lib/base64.c
index 41961a444028..20dacee25f65 100644
--- a/lib/base64.c
+++ b/lib/base64.c
@@ -168,15 +168,16 @@ int base64_decode(const char *src, int srclen, u8 *dst, bool padding, enum base6
 		return -1;
 
 	val = (base64_rev_tables[s[0]] << 12) | (base64_rev_tables[s[1]] << 6);
-	*bp++ = val >> 10;
 
 	if (srclen == 2) {
 		if (val & 0x800003ff)
 			return -1;
+		*bp++ = val >> 10;
 	} else {
 		val |= base64_rev_tables[s[2]];
 		if (val & 0x80000003)
 			return -1;
+		*bp++ = val >> 10;
 		*bp++ = val >> 2;
 	}
 	return bp - dst;
-- 
2.34.1

[PATCH 1/2] lib/base64: validate before writing in decode tail path
[PATCH 2/2] lib/base64: fix copy-pasted @padding doc in base64_decode()