diff options
| author | Yukihiro "Matz" Matsumoto <[email protected]> | 2018-02-13 08:55:24 +0900 |
|---|---|---|
| committer | Yukihiro "Matz" Matsumoto <[email protected]> | 2018-02-13 08:55:24 +0900 |
| commit | ef1a0e63580af82cd4a4e40ef6751e87578061ed (patch) | |
| tree | 0ae7fadf88fa9c68843145916b6976e658087fba /mrbgems/mruby-pack | |
| parent | 748375309443176e2e2abf0629cf042fc222d4a4 (diff) | |
| download | mruby-ef1a0e63580af82cd4a4e40ef6751e87578061ed.tar.gz mruby-ef1a0e63580af82cd4a4e40ef6751e87578061ed.zip | |
Check `sizeof(base64_dec_tab)` in base64 encoding; fix #3947
The issue (and the fix) reported by https://hackerone.com/aerodudrizzt
Diffstat (limited to 'mrbgems/mruby-pack')
| -rw-r--r-- | mrbgems/mruby-pack/src/pack.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/mrbgems/mruby-pack/src/pack.c b/mrbgems/mruby-pack/src/pack.c index 3b64df2cc..a3ea77517 100644 --- a/mrbgems/mruby-pack/src/pack.c +++ b/mrbgems/mruby-pack/src/pack.c @@ -806,7 +806,7 @@ unpack_m(mrb_state *mrb, const void *src, int slen, mrb_value ary, unsigned int ch[i] = 0; padding++; } - } while (ch[i] == PACK_BASE64_IGNORE); + } while (c >= sizeof(base64_dec_tab) || ch[i] == PACK_BASE64_IGNORE); } l = (ch[0] << 18) + (ch[1] << 12) + (ch[2] << 6) + ch[3]; |