httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@algroup.co.uk>
Subject Re:
Date Fri, 10 Sep 1999 10:34:42 GMT
Bill Stoddard wrote:
> 
> ab_base64decode_binary(decoded, encoded) NULL terminates the decoded buffer
> passed to it. Seems the _binary  modifier should indicate the output should
> be treated as an opaque type and not a character string.  As it is written,
> the following code snippet would cause a one byte buffer overflow:
> 
> time_t t = time();
> char encoded[1024];
> ap_base64encode(encoded, t, sizeof(encoded));
> ap_base64decode_binary((char*) &t, encoded);
> 
> Is the function broken or should the caller make sure the output buffer size
> is adjusted for the NULL termination character? IMO, the function is broken.

Agreed.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi

Mime
View raw message