On Tue, Aug 30, 2022 at 11:18:01AM +0200, YASUOKA Masahiko wrote:
> b64decode(8) fails if a long line is given.
>
> % wc test
> 1 1 1370 test
> %
> % ./b64decode -r test > /dev/null
> b64decode: test: /dev/stdout: error decoding base64 input stream
> %
>
> uudecode.c
>
> 426 static int
> 427 base64_decode(void)
> 428 {
> 429 int n;
> 430 char inbuf[PATH_MAX];
> 431 unsigned char outbuf[PATH_MAX * 4];
> 432
> 433 for (;;) {
> 434 switch (get_line(inbuf, sizeof(inbuf))) {
> 435 case 0:
> 436 return (0);
> 437 case 1:
> 438 return (1);
> 439 }
> 440 n = b64_pton(inbuf, outbuf, sizeof(outbuf));
>
> b64_pton() assumes that input ends at end of 24-bit group. Other than
> that, it returns -1.
>
> For a line longer than 1023 get_line(), it returns a 1023 byte string
> which ends 18 of 24-bit group, then the error happens.
>
> The diff fixes this by giving a string to b64_pton() which length is
> multiple of 4.
>
> ok?
>
> Index: usr.bin/uudecode/uudecode.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/uudecode/uudecode.c,v
> retrieving revision 1.27
> diff -u -p -r1.27 uudecode.c
> --- usr.bin/uudecode/uudecode.c 28 Jun 2019 13:35:05 -0000 1.27
> +++ usr.bin/uudecode/uudecode.c 30 Aug 2022 08:49:21 -0000
> @@ -423,11 +423,13 @@ uu_decode(void)
> }
> }
>
> +#define ROUNDDOWN(x,y) (((x)/(y)) * (y))
> +
> static int
> base64_decode(void)
> {
> int n;
> - char inbuf[PATH_MAX];
> + char inbuf[ROUNDDOWN(PATH_MAX, 4) + 1];
> unsigned char outbuf[PATH_MAX * 4];
>
> for (;;) {
>
The fix is right but I wonder why is this code using PATH_MAX for a buffer
size that has nothing to do with a file system path?
I would do something like:
#define BUFSIZE 1024 /* needs to be multiple of 4 */
static int
base64_decode(void)
{
int n;
char inbuf[BUFSIZE + 1];
unsigned char outbuf[BUFSIZE * 4];
for (;;) {
--
:wq Claudio
