Fix potential buffer overrun by 1 byte in base64Decode caused by bad docs from APR-Util. See #255.

2025-09-29 11:16:33 +03:00 · 2007-09-21 00:20:31 +00:00
parent b217e42624
commit eb6b456f5b
2 changed files with 4 additions and 2 deletions
--- a/apache2/re_tfns.c
+++ b/apache2/re_tfns.c
@@ -311,8 +311,7 @@ static int msre_fn_base64Decode_execute(apr_pool_t *mptmp, unsigned char *input,
 {
    *rval_len = apr_base64_decode_len((const char *)input); /* returns len with NULL byte included */
    *rval = apr_palloc(mptmp, *rval_len);
-    apr_base64_decode(*rval, (const char *)input);
-    (*rval_len)--;
+    *rval_len = apr_base64_decode(*rval, (const char *)input);

    return 1;
 }