Return-Path:
Delivered-To: new-httpd-archive@hyperreal.org
Received: (qmail 15053 invoked by uid 6000); 5 Apr 1999 07:31:25 -0000
Received: (qmail 15044 invoked from network); 5 Apr 1999 07:31:22 -0000
Received: from chill.innovation.ch (193.73.228.10) by taz.hyperreal.org with SMTP; 5 Apr 1999 07:31:22 -0000
Received: (from ronald@localhost) by chill.innovation.ch (8.8.8/8.8.8) id JAA01611 for new-httpd@apache.org; Mon, 5 Apr 1999 09:31:11 +0200 (MET DST)
From: "Life is hard, and then you die."
Message-Id: <199904050731.JAA01611@chill.innovation.ch>
Subject: [PATCH] fixes to ap_uudecode and ap_uuencode
To: new-httpd@apache.org
Date: Mon, 5 Apr 1999 09:31:09 +0200 (MET DST)
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

This patch fixes bugs pointed out in PR #3422 (though using a different fix) and the buffer overflow reported by "Peter 'Luna' Altberg" in <01C5CFD59D5AD1118AA400805F14B8F92333F2@BOLLNT04>.

Any comments before I commit?

Cheers,

Ronald

--------------------------------------------------------------------
Index: src/main/util.c =================================================================== RCS file: /home/cvs/apache-1.3/src/main/util.c,v retrieving revision 1.156 diff -u -r1.156 util.c --- util.c 1999/03/20 15:41:07 1.156 +++ util.c 1999/04/05 07:13:33 @@ -1962,7 +1962,7 @@ bufin = (const unsigned char *) bufcoded; - while (nprbytes > 0) { + while (nprbytes > 4) { *(bufout++) = (unsigned char) (pr2six[*bufin] << 2 | pr2six[bufin[1]] >> 4); *(bufout++) = 
@@ -1973,13 +1973,15 @@ nprbytes -= 4; } - if (nprbytes & 03) { - if (pr2six[bufin[-2]] > 63) - nbytesdecoded -= 2; - else - nbytesdecoded -= 1; + /* Note: (nprbytes == 1) would be an error, so just ingore that case */ + if (nprbytes > 1) { + *(bufout++) = + (unsigned char) (pr2six[*bufin] << 2 | pr2six[bufin[1]] >> 4); } - bufplain[nbytesdecoded] = '\0'; + if (nprbytes > 2) { + *(bufout++) = + (unsigned char) (pr2six[bufin[1]] << 4 | pr2six[bufin[2]] >> 2); + } #else /*CHARSET_EBCDIC*/ bufin = (const unsigned char *) bufcoded; while (pr2six[os_toascii[(unsigned char)*(bufin++)]] <= 63); @@ -1991,7 +1993,7 @@ bufin = (const unsigned char *) bufcoded; - while (nprbytes > 0) { + while (nprbytes > 4) { *(bufout++) = os_toebcdic[ (unsigned char) (pr2six[os_toascii[*bufin]] << 2 | pr2six[os_toascii[bufin[1]]] >> 4)]; *(bufout++) = os_toebcdic[ @@ -2002,14 +2004,20 @@ nprbytes -= 4; } - if (nprbytes & 03) { - if (pr2six[os_toascii[bufin[-2]]] > 63) - nbytesdecoded -= 2; - else - nbytesdecoded -= 1; + /* Note: (nprbytes == 1) would be an error, so just ingore that case */ + if (nprbytes > 1) { + *(bufout++) = os_toebcdic[ + (unsigned char) (pr2six[os_toascii[*bufin]] << 2 | pr2six[os_toascii[bufin[1]]] >> 4)]; } - bufplain[nbytesdecoded] = '\0'; + if (nprbytes > 2) { + *(bufout++) = os_toebcdic[ + (unsigned char) (pr2six[os_toascii[bufin[1]]] << 4 | pr2six[os_toascii[bufin[2]]] >> 2)]; + } #endif /*CHARSET_EBCDIC*/ + + nbytesdecoded -= (4 - nprbytes) & 3; + bufplain[nbytesdecoded] = '\0'; + return bufplain; } @@ -2020,7 +2028,7 @@ { int i, len = strlen(string); char *p; - char *encoded = (char *) ap_palloc(a, (len+2) / 3 * 4); + char *encoded = (char *) ap_palloc(a, ((len+2) / 3 * 4) + 1); p = encoded; #ifndef CHARSET_EBCDIC --------------------------------------------------------------------
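
Review bot: the non-EBCDIC tail in the @@ -1973,13 +1973,15 @@ hunk has branches for `nprbytes > 1` and `nprbytes > 2` but none for `nprbytes > 3`, although the new loop bound `while (nprbytes > 4)` leaves exactly 4 characters for the tail whenever the input ends on a full group. In that case the third byte of the last group (built from `bufin[2]` and `bufin[3]`) is never stored, while `nbytesdecoded -= (4 - nprbytes) & 3` subtracts nothing, so the byte is counted in the result and the terminator is written after a position that was never filled. Add a third branch, `if (nprbytes > 3)`, that stores `pr2six[bufin[2]] << 6 | pr2six[bufin[3]]`.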
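
Review bot: the comment added ahead of `if (nprbytes > 1)` in the @@ -2002,14 +2004,20 @@ hunk (and its twin in the non-EBCDIC tail) calls a remainder of 1 an error, yet the function then returns a shortened string with nothing to tell the caller the input was malformed. Either document in the function header that a dangling single character is dropped silently, or return a distinguishable result for it. The comment also has a typo, "ingore" for "ignore". The EBCDIC tail has the same gap as the ASCII one: there is no `nprbytes > 3` branch, so it needs the matching third store wrapped in `os_toebcdic[...]`.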
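
Review bot: the `+ 1` added to the `ap_palloc` size in the @@ -2020,7 +2028,7 @@ hunk carries no comment saying what the extra byte is for, and the size is still computed in `int` from `int i, len = strlen(string);`. If the extra byte is for the terminating NUL, say so next to the allocation so the next edit does not drop it. It is also worth keeping the length in `size_t` (or rejecting oversized input) so that `(len+2) / 3 * 4` cannot wrap for a very long string and yield an undersized buffer.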