httpd-dev mailing list archives

From "Life is hard, and then you die." <ron...@innovation.ch>
Subject [PATCH] fixes to ap_uudecode and ap_uuencode
Date Mon, 05 Apr 1999 07:31:09 GMT

This patch fixes bugs pointed out in PR #3422 (though using a different
fix) and the buffer overflow reported by "Peter 'Luna' Altberg"
<peter@altberg.nu> in <01C5CFD59D5AD1118AA400805F14B8F92333F2@BOLLNT04>.

Any comments before I commit?


  Cheers,

  Ronald


--------------------------------------------------------------------
Index: src/main/util.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/main/util.c,v
retrieving revision 1.156
diff -u -r1.156 util.c
--- util.c	1999/03/20 15:41:07	1.156
+++ util.c	1999/04/05 07:13:33
@@ -1962,7 +1962,7 @@
 
     bufin = (const unsigned char *) bufcoded;
 
-    while (nprbytes > 0) {
+    while (nprbytes > 4) {
 	*(bufout++) =
 	    (unsigned char) (pr2six[*bufin] << 2 | pr2six[bufin[1]] >> 4);
 	*(bufout++) =
@@ -1973,13 +1973,15 @@
 	nprbytes -= 4;
     }
 
-    if (nprbytes & 03) {
-	if (pr2six[bufin[-2]] > 63)
-	    nbytesdecoded -= 2;
-	else
-	    nbytesdecoded -= 1;
+    /* Note: (nprbytes == 1) would be an error, so just ingore that case */
+    if (nprbytes > 1) {
+	*(bufout++) =
+	    (unsigned char) (pr2six[*bufin] << 2 | pr2six[bufin[1]] >> 4);
     }
-    bufplain[nbytesdecoded] = '\0';
+    if (nprbytes > 2) {
+	*(bufout++) =
+	    (unsigned char) (pr2six[bufin[1]] << 4 | pr2six[bufin[2]] >> 2);
+    }
 #else /*CHARSET_EBCDIC*/
     bufin = (const unsigned char *) bufcoded;
     while (pr2six[os_toascii[(unsigned char)*(bufin++)]] <= 63);
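Review bot: A final group of four valid characters loses its third byte: the loop bound `while (nprbytes > 4)` now leaves 1 to 4 characters for the tail, but the tail only handles `nprbytes > 1` and `nprbytes > 2`. For `nprbytes == 4` the later adjustment `(4 - nprbytes) & 3` is 0, so the terminator lands one position past the last byte written, and the final byte of the result is whatever the buffer already held (assuming `nbytesdecoded` is three bytes per group, which is computed outside this hunk). Any unpadded input that decodes to a multiple of three bytes would hit this. The EBCDIC tail in the `@@ -2002,14 +2004,20 @@` hunk has the same gap and needs the matching case wrapped in `os_toascii`/`os_toebcdic`.

```c
    /* … unchanged: the nprbytes > 1 and nprbytes > 2 cases … */
    if (nprbytes > 3) {
	*(bufout++) =
	    (unsigned char) (pr2six[bufin[2]] << 6 | pr2six[bufin[3]]);
    }
```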
@@ -1991,7 +1993,7 @@
 
     bufin = (const unsigned char *) bufcoded;
 
-    while (nprbytes > 0) {
+    while (nprbytes > 4) {
 	*(bufout++) = os_toebcdic[
 	    (unsigned char) (pr2six[os_toascii[*bufin]] << 2 | pr2six[os_toascii[bufin[1]]]
>> 4)];
 	*(bufout++) = os_toebcdic[
@@ -2002,14 +2004,20 @@
 	nprbytes -= 4;
     }
 
-    if (nprbytes & 03) {
-	if (pr2six[os_toascii[bufin[-2]]] > 63)
-	    nbytesdecoded -= 2;
-	else
-	    nbytesdecoded -= 1;
+    /* Note: (nprbytes == 1) would be an error, so just ingore that case */
+    if (nprbytes > 1) {
+	*(bufout++) = os_toebcdic[
+	    (unsigned char) (pr2six[os_toascii[*bufin]] << 2 | pr2six[os_toascii[bufin[1]]]
>> 4)];
     }
-    bufplain[nbytesdecoded] = '\0';
+    if (nprbytes > 2) {
+	*(bufout++) = os_toebcdic[
+	    (unsigned char) (pr2six[os_toascii[bufin[1]]] << 4 | pr2six[os_toascii[bufin[2]]]
>> 2)];
+    }
 #endif /*CHARSET_EBCDIC*/
+
+    nbytesdecoded -= (4 - nprbytes) & 3;
+    bufplain[nbytesdecoded] = '\0';
+
     return bufplain;
 }
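Review bot: The shared tail `nbytesdecoded -= (4 - nprbytes) & 3;` relies on `nprbytes` being in the range 0..4 after either loop, and nothing in the code says so. A comment such as `/* nprbytes is 0..4 here; drop the output bytes a short final group cannot produce */` would keep a later change to the loop bound from silently misplacing the terminator. The comment above both tails also spells "ignore" as "ingore". The function begins outside this hunk, so the initial value of `nbytesdecoded` is not visible here.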
 
@@ -2020,7 +2028,7 @@
 { 
     int i, len = strlen(string); 
     char *p; 
-    char *encoded = (char *) ap_palloc(a, (len+2) / 3 * 4); 
+    char *encoded = (char *) ap_palloc(a, ((len+2) / 3 * 4) + 1); 
  
     p = encoded; 
 #ifndef CHARSET_EBCDIC
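Review bot: The `+ 1` added to the `ap_palloc` size is unexplained, and a later cleanup could easily remove it and reintroduce the one-byte overflow; add `/* + 1 for the terminating '\0' */` beside it. The size is also computed in `int` from `strlen`, so it is worth confirming that callers cannot pass a string long enough for `(len+2) / 3 * 4` to wrap, which this hunk does not show. The function body continues past the hunk, so the write of the terminator itself is not visible here.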
--------------------------------------------------------------------

