diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2016-09-28 00:05:12 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2016-10-31 08:46:35 +0100 |
| commit | efd24d57426bd77c9b5860e6b297904703750412 (patch) | |
| tree | f7020834acedfe81fded05d7d177224e26600530 | |
| parent | 3d6460edeee21d7d790ec570d0887bed1f4366dd (diff) | |
base64: check for integer overflow on large input
CVE-2016-8617
Bug: https://curl.haxx.se/docs/adv_20161102C.html
Reported-by: Cure53
| -rw-r--r-- | lib/base64.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/base64.c b/lib/base64.c index ad254595f..204a2273d 100644 --- a/lib/base64.c +++ b/lib/base64.c @@ -190,6 +190,11 @@ static CURLcode base64_encode(const char *table64, if(!insize) insize = strlen(indata); +#if SIZEOF_SIZE_T == 4 + if(insize > UINT_MAX/4) + return CURLE_OUT_OF_MEMORY; +#endif + base64data = output = malloc(insize * 4 / 3 + 4); if(!output) return CURLE_OUT_OF_MEMORY; |