Fix potential buffer overrun by 1 byte in base64Decode caused by bad docs from APR-Util. See #255.

2025-08-13 21:36:00 +03:00 · 2007-09-21 00:20:31 +00:00 · 2007-09-21 00:20:31 +00:00 · eb6b456f5b
commit eb6b456f5b
parent b217e42624
2 changed files with 4 additions and 2 deletions
--- a/3
+++ b/3
@ -1,6 +1,9 @@
 ?? ??? 2007 - 2.5.0-dev3
 ------------------------

+ * Fixed potential corruption at end of strings after using base64Decode
+   (APR-Util issue). TODO make a better CHANGELOG entry ;)
+
 * Return from the output filter with an error in addition to setting
   up the HTTP error status in the output data.

--- a/apache2/re_tfns.c
+++ b/apache2/re_tfns.c
@ -311,8 +311,7 @@ static int msre_fn_base64Decode_execute(apr_pool_t *mptmp, unsigned char *input,
 {
    *rval_len = apr_base64_decode_len((const char *)input); /* returns len with NULL byte included */
    *rval = apr_palloc(mptmp, *rval_len);
-    apr_base64_decode(*rval, (const char *)input);
-    (*rval_len)--;
+    *rval_len = apr_base64_decode(*rval, (const char *)input);

    return 1;
 }