Commit 47760c7b authored by Nick Mathewson's avatar Nick Mathewson 🦀
Browse files

When decoding a base-{16,32,64} value, clear the target buffer first 

This is a good idea in case the caller stupidly doesn't check the
return value from baseX_decode(), and as a workaround for the
current inconsistent API of base16_decode.

Prevents any fallout from bug 14013.
parent 137982f9

src/common/crypto.c

+6 −0
Original line number Diff line number Diff line
@@ -2678,6 +2678,8 @@ base64_decode(char *dest, size_t destlen, const char *src, size_t srclen) 
  if (destlen > SIZE_T_CEILING)

    return -1;



  memset(dest, 0, destlen);



  EVP_DecodeInit(&ctx);

  EVP_DecodeUpdate(&ctx, (unsigned char*)dest, &len,

                   (unsigned char*)src, srclen);
@@ -2699,6 +2701,8 @@ base64_decode(char *dest, size_t destlen, const char *src, size_t srclen) 
  if (destlen > SIZE_T_CEILING)

    return -1;



  memset(dest, 0, destlen);



  /* Iterate over all the bytes in src.  Each one will add 0 or 6 bits to the

   * value we're decoding.  Accumulate bits in <b>n</b>, and whenever we have

   * 24 bits, batch them into 3 bytes and flush those bytes to dest.
@@ -2878,6 +2882,8 @@ base32_decode(char *dest, size_t destlen, const char *src, size_t srclen) 
  tor_assert((nbits/8) <= destlen); /* We need enough space. */

  tor_assert(destlen < SIZE_T_CEILING);



  memset(dest, 0, destlen);



  /* Convert base32 encoded chars to the 5-bit values that they represent. */

  tmp = tor_malloc_zero(srclen);

  for (j = 0; j < srclen; ++j) {

src/common/util.c

+3 −0
Original line number Diff line number Diff line
@@ -1076,6 +1076,9 @@ base16_decode(char *dest, size_t destlen, const char *src, size_t srclen) 
    return -1;

  if (destlen < srclen/2 || destlen > SIZE_T_CEILING)

    return -1;



  memset(dest, 0, destlen);



  end = src+srclen;

  while (src<end) {

    v1 = hex_decode_digit_(*src);