cheng/libsodium
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fill the max output buffer size in sodium_bin2base64()

Browse Source 
Unlike hex encoding, due to optional padding, computing the correct size is
not straightforward. Ensuring that the string ends with `\0` is fine, but
if the size is not exact, some unrelated data might be send around by the
application. So, zero it to be safe.
This commit is contained in:
Frank Denis 2017-08-31 19:32:14 +02:00
parent 6b43c1ddb6
commit 0af31aeb26
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/libsodium/sodium/codecs.c
View File

@ -215,7 +215,9 @@ sodium_bin2base64(char * const b64, const size_t b64_maxlen,
while (b64_pos < b64_len) { while (b64_pos < b64_len) {
b64[b64_pos++] = '='; b64[b64_pos++] = '=';
} }
b64[b64_pos++] = 0; do {
b64[b64_pos++] = 0U;
} while (b64_pos < b64_maxlen);
return b64; return b64;
} }

2
test/default/sodium_utils.c
View File

@ -161,7 +161,7 @@ main(void)
b64_ = (char *) sodium_malloc(b64_len); b64_ = (char *) sodium_malloc(b64_len);
randombytes_buf(bin, bin_len); randombytes_buf(bin, bin_len);
memcpy(buf1, bin, bin_len); memcpy(buf1, bin, bin_len);
b64 = sodium_bin2base64(b64_, b64_len + 10, bin, bin_len, b64 = sodium_bin2base64(b64_, b64_len, bin, bin_len,
sodium_base64_VARIANT_URLSAFE); sodium_base64_VARIANT_URLSAFE);
assert(b64 != NULL); assert(b64 != NULL);
assert(sodium_base642bin(bin, bin_len + 10, b64, b64_len, assert(sodium_base642bin(bin, bin_len + 10, b64, b64_len,