From 87f2de93a6522bbcf17d1960e78641df8ecd85d3 Mon Sep 17 00:00:00 2001 From: Timo Weingärtner Date: Mon, 19 Nov 2018 21:27:42 +0100 Subject: base64_encode: fix two-byte out-of-bounds stack write BASE64_ENCODE_LENGTH() calculates the encoded size without padding --- ssh-agent-filter.C | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/ssh-agent-filter.C b/ssh-agent-filter.C index 307be1f..b6d906b 100644 --- a/ssh-agent-filter.C +++ b/ssh-agent-filter.C @@ -116,12 +116,9 @@ string md5_hex (string const & s) { } string base64_encode (string const & s) { - struct base64_encode_ctx ctx; - base64_encode_init(&ctx); - char b64[BASE64_ENCODE_LENGTH(s.size())]; - auto len = base64_encode_update(&ctx, b64, s.size(), reinterpret_cast(s.data())); - len += base64_encode_final(&ctx, b64 + len); - return {b64, len}; + char b64[BASE64_ENCODE_RAW_LENGTH(s.size())]; + base64_encode_raw(b64, s.size(), reinterpret_cast(s.data())); + return {b64, sizeof(b64)}; } void cloexec (int fd) { -- cgit v1.2.3