evp: prevent underflow in base64 decoding

This patch resolves RT ticket #2608. Thanks to Robert Dugal for originally spotting this, and to David Ramos for noticing that the ball had been dropped. Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-05-04 18:44:14 -04:00 · 2014-05-04 18:44:14 -04:00 · 65402586c0
commit 65402586c0
parent bf43446835
1 changed files with 1 additions and 0 deletions
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@ -324,6 +324,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 				v=EVP_DecodeBlock(out,d,n);
 				n=0;
 				if (v < 0) { rv=0; goto end; }
+				if (eof > v) { rv=-1; goto end; }
 				ret+=(v-eof);
 				}
 			else