From ef1a0e63580af82cd4a4e40ef6751e87578061ed Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto" <matz@ruby.or.jp>
Date: Tue, 13 Feb 2018 08:55:24 +0900
Subject: Check `sizeof(base64_dec_tab)` in base64 encoding; fix #3947

The issue (and the fix) reported by https://hackerone.com/aerodudrizzt
---
 mrbgems/mruby-pack/src/pack.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'mrbgems/mruby-pack/src')

diff --git a/mrbgems/mruby-pack/src/pack.c b/mrbgems/mruby-pack/src/pack.c
index 3b64df2cc..a3ea77517 100644
--- a/mrbgems/mruby-pack/src/pack.c
+++ b/mrbgems/mruby-pack/src/pack.c
@@ -806,7 +806,7 @@ unpack_m(mrb_state *mrb, const void *src, int slen, mrb_value ary, unsigned int
 	  ch[i] = 0;
 	  padding++;
 	}
-      } while (ch[i] == PACK_BASE64_IGNORE);
+      } while (c >= sizeof(base64_dec_tab) || ch[i] == PACK_BASE64_IGNORE);
     }
 
     l = (ch[0] << 18) + (ch[1] << 12) + (ch[2] << 6) + ch[3];
-- 
cgit v1.2.3