When data are written out in very small blocks (less than 3 bytes in

size) through the base64 filter, b64_write() messes up it's parameters in such a way that instead of writing correct base64 output, the first 4 characters of that output is repeated over and over. This fix corrects that problem.
2025-01-21 17:33:33 +08:00 · 2000-07-26 16:53:58 +00:00 · 2000-07-26 16:53:58 +00:00 · 2dbef509e2
commit 2dbef509e2
parent a4125514f5
1 changed files with 11 additions and 4 deletions
--- a/crypto/evp/bio_b64.c
+++ b/crypto/evp/bio_b64.c
@ -370,10 +370,11 @@ static int b64_write(BIO *b, const char *in, int inl)
 		n-=i;
 		}
 	/* at this point all pending data has been written */
+	ctx->buf_off=0;
+	ctx->buf_len=0;

 	if ((in == NULL) || (inl <= 0)) return(0);

-	ctx->buf_off=0;
 	while (inl > 0)
 		{
 		n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl;
@ -383,14 +384,20 @@ static int b64_write(BIO *b, const char *in, int inl)
 			if (ctx->tmp_len > 0)
 				{
 				n=3-ctx->tmp_len;
+				/* There's a teoretical possibility for this */
+				if (n > inl) 
+					n=inl;
 				memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
 				ctx->tmp_len+=n;
-				n=ctx->tmp_len;
-				if (n < 3)
+				if (ctx->tmp_len < 3)
 					break;
 				ctx->buf_len=EVP_EncodeBlock(
 					(unsigned char *)ctx->buf,
-					(unsigned char *)ctx->tmp,n);
+					(unsigned char *)ctx->tmp,
+					ctx->tmp_len);
+				/* Since we're now done using the temporary
+				   buffer, the length should be 0'd */
+				ctx->tmp_len=0;
 				}
 			else
 				{