diff --git a/src/base64.c b/src/base64.c index a5fedc86..ab6077fd 100644 --- a/src/base64.c +++ b/src/base64.c @@ -118,10 +118,6 @@ static size_t li_base64_decode(unsigned char * const result, const size_t out_le } size_t li_to_base64_no_padding(char* out, size_t out_length, const unsigned char* in, size_t in_length, base64_charset charset) { - const size_t full_tuples = in_length / 3; - const size_t in_tuple_remainder = in_length % 3; - const size_t out_tuple_remainder = in_tuple_remainder ? 1 + in_tuple_remainder : 0; - const size_t require_space = 4 * full_tuples + out_tuple_remainder; size_t i; size_t out_pos = 0; const char* const base64_table = (charset) @@ -131,10 +127,8 @@ size_t li_to_base64_no_padding(char* out, size_t out_length, const unsigned char /* check overflows */ /* 1073741823 is max num full_tuples to avoid overflow in uint32_t; * and (1 GB - 1) is ridiculously large for base64-encoded data */ - force_assert(full_tuples <= 1073741823); - /*force_assert(full_tuples <= 4*full_tuples);*/ - /*force_assert(4*full_tuples <= 4*full_tuples + out_tuple_remainder);*/ - force_assert(require_space <= out_length); + force_assert(in_length <= 3221225469); /* (3221225469+2) / 3 * 4 < UINT32_MAX */ + force_assert((in_length+2)/3*4 <= out_length); for (i = 2; i < in_length; i += 3) { unsigned int v = (in[i-2] << 16) | (in[i-1] << 8) | in[i]; @@ -144,8 +138,10 @@ size_t li_to_base64_no_padding(char* out, size_t out_length, const unsigned char out[out_pos+0] = base64_table[v & 0x3f]; out_pos += 4; } - switch (in_tuple_remainder) { + + switch (in_length - (i-2)) { case 0: + default: break; case 1: { @@ -167,7 +163,6 @@ size_t li_to_base64_no_padding(char* out, size_t out_length, const unsigned char } break; } - force_assert(out_pos <= out_length); return out_pos; } @@ -190,7 +185,7 @@ size_t li_to_base64(char* out, size_t out_length, const unsigned char* in, size_ char* buffer_append_base64_encode_opt(buffer *out, const unsigned char* in, size_t in_length, base64_charset charset, int pad) { - const size_t reserve = 4*(in_length/3) + 4; + const size_t reserve = (in_length+2)/3*4; char * const result = buffer_string_prepare_append(out, reserve); const size_t out_pos = (pad) ? li_to_base64(result, reserve, in, in_length, charset) diff --git a/src/mod_secdownload.c b/src/mod_secdownload.c index ea6a8e74..885cc32b 100644 --- a/src/mod_secdownload.c +++ b/src/mod_secdownload.c @@ -166,7 +166,7 @@ static int secdl_verify_mac(plugin_config *config, const char* protected_path, c case SECDL_HMAC_SHA1: { unsigned char digest[20]; - char base64_digest[27]; + char base64_digest[28]; if (!li_hmac_sha1(digest, CONST_BUF_LEN(config->secret), (const unsigned char *)protected_path, @@ -176,7 +176,7 @@ static int secdl_verify_mac(plugin_config *config, const char* protected_path, c return 0; } - li_to_base64_no_padding(base64_digest, 27, digest, 20, BASE64_URL); + li_to_base64_no_padding(base64_digest, 28, digest, 20, BASE64_URL); return (27 == maclen) && http_auth_const_time_memeq(mac, base64_digest, 27); @@ -185,7 +185,7 @@ static int secdl_verify_mac(plugin_config *config, const char* protected_path, c case SECDL_HMAC_SHA256: { unsigned char digest[32]; - char base64_digest[43]; + char base64_digest[44]; if (!li_hmac_sha256(digest, CONST_BUF_LEN(config->secret), (const unsigned char *)protected_path, @@ -195,7 +195,7 @@ static int secdl_verify_mac(plugin_config *config, const char* protected_path, c return 0; } - li_to_base64_no_padding(base64_digest, 43, digest, 32, BASE64_URL); + li_to_base64_no_padding(base64_digest, 44, digest, 32, BASE64_URL); return (43 == maclen) && http_auth_const_time_memeq(mac, base64_digest, 43); diff --git a/src/t/test_base64.c b/src/t/test_base64.c index be0a70e0..fd188fc5 100644 --- a/src/t/test_base64.c +++ b/src/t/test_base64.c @@ -6,24 +6,24 @@ static const base64_charset encs[] = { BASE64_STANDARD, BASE64_URL }; static buffer *check; inline -static void check_base64 (char *out, const size_t out_sz, const char *in, const size_t in_len, const base64_charset enc) { - force_assert(out_sz == li_to_base64_no_padding(out, out_sz, (const unsigned char *)in, in_len, enc)); +static void check_base64 (size_t out_exp, const char *in, const size_t in_len, const base64_charset enc) { + char out[4] = { 0, 0, 0, 0 }; + force_assert(out_exp == li_to_base64_no_padding(out, sizeof(out), (const unsigned char *)in, in_len, enc)); buffer_clear(check); - force_assert(NULL != buffer_append_base64_decode(check, out, out_sz, enc)); + force_assert(NULL != buffer_append_base64_decode(check, out, out_exp, enc)); force_assert(buffer_eq_slen(check, in, in_len)); } static void check_all_len_0 (const base64_charset enc) { - check_base64(NULL, 0, "", 0, enc); + check_base64(0, "", 0, enc); } static void check_all_len_1 (const base64_charset enc) { unsigned int c1; for (c1 = 0; c1 < 256; ++c1) { unsigned char in[] = { c1 }; - char out[2] = { 0, 0 }; - check_base64(out, sizeof(out), (char *)in, sizeof(in), enc); + check_base64(2, (char *)in, sizeof(in), enc); } } @@ -31,8 +31,7 @@ static void check_all_len_2 (const base64_charset enc) { unsigned int c1, c2; for (c1 = 0; c1 < 256; ++c1) for (c2 = 0; c2 < 256; ++c2) { unsigned char in[] = { c1, c2 }; - char out[3] = { 0, 0, 0 }; - check_base64(out, sizeof(out), (char *)in, sizeof(in), enc); + check_base64(3, (char *)in, sizeof(in), enc); } } @@ -40,8 +39,7 @@ static void check_all_len_3 (const base64_charset enc) { unsigned int c1, c2, c3; for (c1 = 0; c1 < 256; c1+=255) for (c2 = 0; c2 < 256; ++c2) for (c3 = 0; c3 < 256; ++c3) { unsigned char in[] = { c1, c2, c3 }; - char out[4] = { 0, 0, 0, 0 }; - check_base64(out, sizeof(out), (char *)in, sizeof(in), enc); + check_base64(4, (char *)in, sizeof(in), enc); } }