When decoding a base-{16,32,64} value, clear the target buffer first

This is a good idea in case the caller stupidly doesn't check the return value from baseX_decode(), and as a workaround for the current inconsistent API of base16_decode. Prevents any fallout from bug 14013.
2024-11-24 04:13:28 +01:00 · 2014-12-22 12:56:35 -05:00 · 2014-12-22 12:56:35 -05:00 · 47760c7ba5
commit 47760c7ba5
parent 137982f955
2 changed files with 9 additions and 0 deletions
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@ -2678,6 +2678,8 @@ base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
  if (destlen > SIZE_T_CEILING)
    return -1;

+  memset(dest, 0, destlen);
+
  EVP_DecodeInit(&ctx);
  EVP_DecodeUpdate(&ctx, (unsigned char*)dest, &len,
                   (unsigned char*)src, srclen);
@ -2699,6 +2701,8 @@ base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
  if (destlen > SIZE_T_CEILING)
    return -1;

+  memset(dest, 0, destlen);
+
  /* Iterate over all the bytes in src.  Each one will add 0 or 6 bits to the
   * value we're decoding.  Accumulate bits in <b>n</b>, and whenever we have
   * 24 bits, batch them into 3 bytes and flush those bytes to dest.
@ -2878,6 +2882,8 @@ base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
  tor_assert((nbits/8) <= destlen); /* We need enough space. */
  tor_assert(destlen < SIZE_T_CEILING);

+  memset(dest, 0, destlen);
+
  /* Convert base32 encoded chars to the 5-bit values that they represent. */
  tmp = tor_malloc_zero(srclen);
  for (j = 0; j < srclen; ++j) {
--- a/src/common/util.c
+++ b/src/common/util.c
@ -1076,6 +1076,9 @@ base16_decode(char *dest, size_t destlen, const char *src, size_t srclen)
    return -1;
  if (destlen < srclen/2 || destlen > SIZE_T_CEILING)
    return -1;
+
+  memset(dest, 0, destlen);
+
  end = src+srclen;
  while (src<end) {
    v1 = hex_decode_digit_(*src);