httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Stoddard" <stodd...@raleigh.ibm.com>
Subject [No Subject]
Date Thu, 09 Sep 1999 21:54:45 GMT
ab_base64decode_binary(decoded, encoded) NULL terminates the decoded buffer
passed to it. Seems the _binary  modifier should indicate the output should
be treated as an opaque type and not a character string.  As it is written,
the following code snippet would cause a one byte buffer overflow:

time_t t = time();
char encoded[1024];
ap_base64encode(encoded, t, sizeof(encoded));
ap_base64decode_binary((char*) &t, encoded);

Is the function broken or should the caller make sure the output buffer size
is adjusted for the NULL termination character? IMO, the function is broken.

Bill


Mime
View raw message