clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-22 02:17:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

base64_decode: reorder to fix out of bounds read

Browse Source
This commit is contained in:
Lauri Kenttä 2016-05-25 20:28:45 +03:00 committed by Nikita Popov
parent ea640e6117
commit c65de8ac13
1 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
ext/standard/base64.c
View File

@ -143,16 +143,19 @@ PHPAPI zend_string *php_base64_decode_ex(const unsigned char *str, size_t length
result = zend_string_alloc(length, 0);
/* run through the whole string, converting as we go */
while ((ch = *current++) != '\0' && length-- > 0) {
while (length-- > 0 && (ch = *current++) != '\0') {
if (ch == base64_pad) {
if (*current != '=' && ((i % 4) == 1 || (strict && length > 0))) {
if ((i % 4) != 1) {
while (isspace(*(++current))) {
continue;
}
if (*current == '\0') {
continue;
}
if (i % 4 == 1) {
if (length == 0 || *current != '=') {
zend_string_free(result);
return NULL;
}
} else if (length > 0 && *current != '=' && strict) {
while (--length > 0 && isspace(*++current)) {
continue;
}
if (length == 0 || *current == '\0') {
continue;
}
zend_string_free(result);
return NULL;