← Back to branch summary

~ubuntu-branches/ubuntu/precise/libotr/precise-security

~ubuntu-branches/ubuntu/precise/libotr/precise-security

« back to all changes in this revision

Viewing changes to src/b64.c

Committer: Package Import Robot
Author(s): Felix Geyer
Date: 2012-08-09 15:12:38 UTC
Revision ID: package-import@ubuntu.com-20120809151238-ktgynuvd8chhqha4

Tags: 3.2.0-4ubuntu0.1

https://launchpad.net/bugs/1034623

* SECURITY UPDATE: multiple heap-based buffer overflows (LP: #1034623)
  - 0001-Use-ceil-instead-of-floor-to-compute-the-size-of-the.patch,
    0002-More-thorough-base64-fix.patch,
    0003-One-more-otrl_base64_decode-in-the-toolkit.patch:
    patches from upstream
  - CVE-2012-3461

files added:
.pc

.pc/.quilt_patches

.pc/.quilt_series

.pc/.version

.pc/0001-Use-ceil-instead-of-floor-to-compute-the-size-of-the.patch

.pc/0001-Use-ceil-instead-of-floor-to-compute-the-size-of-the.patch/ChangeLog

.pc/0001-Use-ceil-instead-of-floor-to-compute-the-size-of-the.patch/src

.pc/0001-Use-ceil-instead-of-floor-to-compute-the-size-of-the.patch/src/b64.c

.pc/0002-More-thorough-base64-fix.patch

.pc/0002-More-thorough-base64-fix.patch/ChangeLog

.pc/0002-More-thorough-base64-fix.patch/src

.pc/0002-More-thorough-base64-fix.patch/src/b64.c

.pc/0002-More-thorough-base64-fix.patch/src/b64.h

.pc/0002-More-thorough-base64-fix.patch/src/proto.c

.pc/0003-One-more-otrl_base64_decode-in-the-toolkit.patch

.pc/0003-One-more-otrl_base64_decode-in-the-toolkit.patch/toolkit

.pc/0003-One-more-otrl_base64_decode-in-the-toolkit.patch/toolkit/parse.c

.pc/applied-patches

debian/patches

debian/patches/0001-Use-ceil-instead-of-floor-to-compute-the-size-of-the.patch

debian/patches/0002-More-thorough-base64-fix.patch

debian/patches/0003-One-more-otrl_base64_decode-in-the-toolkit.patch

debian/patches/series

files modified:
ChangeLog

debian/changelog

debian/control

src/b64.c

src/b64.h

src/proto.c

toolkit/parse.c

Show diffs side-by-side

added added

removed removed

55

55

\******************************************************************* */

56

56

57

57

/* system headers */

58

#include <stdlib.h>

58

#include <stdio.h>

59

59

#include <string.h>

60

60

61

61

/* libotr headers */

147

147

* base64 decode data. Skip non-base64 chars, and terminate at the

148

148

* first '=', or the end of the buffer.

149

149

*

150

* The buffer data must contain at least (base64len / 4) * 3 bytes of

151

* space. This function will return the number of bytes actually used.

150

* The buffer data must contain at least ((base64len+3) / 4) * 3 bytes

151

* of space. This function will return the number of bytes actually

152

* used.

152

153

*/

153

154

size_t otrl_base64_decode(unsigned char *data, const char *base64data,

154

155

size_t base64len)

234

235

return -2;

235

236

}

236

237

238

/* Skip over the "?OTR:" */

239

otrtag += 5;

240

msglen -= 5;

241

237

242

/* Base64-decode the message */

238

rawlen = ((msglen-5) / 4) * 3; /* maximum possible */

243

rawlen = OTRL_B64_MAX_DECODED_SIZE(msglen); /* maximum possible */

239

244

rawmsg = malloc(rawlen);

240

245

if (!rawmsg && rawlen > 0) {

241

246

return -1;

242

247

}

243

rawlen = otrl_base64_decode(rawmsg, otrtag+5, msglen-5); /* actual size */

248

249

rawlen = otrl_base64_decode(rawmsg, otrtag, msglen); /* actual size */

244

250

245

251

*bufp = rawmsg;

246

252

*lenp = rawlen;

Older »