httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ewald Dieterich <ew...@mailbox.org>
Subject Buffer size in mod_session_crypto.c, decrypt_string()
Date Thu, 19 Nov 2015 09:07:22 GMT
This is from mod_session_crypto.c, decrypt_string():

     /* strip base64 from the string */
     decoded = apr_palloc(r->pool, apr_base64_decode_len(in));
     decodedlen = apr_base64_decode(decoded, in);
     decoded[decodedlen] = '\0';

Shouldn't that be ("+ 1" for the added '\0'):

    decoded = apr_palloc(r->pool, apr_base64_decode_len(in) + 1);

At least that's how it's done in eg. mod_auth_basic.c. Or can we make 
any assumptions about the number of characters that 
apr_base64_decode_len() returns?

Mime
View raw message