Array index past end of array in NSData+Base64 #96
Comments
|
Found this issue as well. The code fix for this is trivial. Please also take into account that you need to memset your buffers before operating on them as well unless you want entropy laden artifacts. -Chris |
|
I'm also getting a warning at I have no knowledge of memset. so do I have to add memset(&inbuf, 0x00, 4); and memset(&outbuf, 0x00, 4); as well? |
|
Change to: "unsigned char inbuf[4], outbuf[3];" Memset is great for setting the buffer to a known value before you operate on that buffer. When you operate with memory in C, it should never be assumed that it is properly zero'd out or assigned to a particular set of default values. You have to do this manually and memset helps you quickly do this. Otherwise, you might have junk in your buffer. This is especially a problem if you are doing some bit flipping on that buffer without pre-assigning values to the proper offset. From the terminal type in "man memset" You'll see more great information on it. Kind Regards, |
|
"Change to: "unsigned char inbuf[4], outbuf[4];"" Why not "unsigned char inbuf[4], outbuf[3];"? |
|
Yes it is large enough. All uses of outbuf in that function are index 0, 1, or 2. Maybe you are looking at a different function. Plus the same fix was applied upstream (where this file came from) several years ago. |
|
Yes, I meant inbuf wasn't large enough. In the version I'm holding here it has on line 79: outbuf [2] = ( ( inbuf[2] & 0x03 ) << 6 ) | ( inbuf[3] & 0x3F ); @newacct Just read my original post at the top. |
|
Thank you guys! @newacct and @danielsonchris you guys conversation helped me to resolve my same problem. |
In NSData+Base64.m, in the
initWithBase64EncodedString:method, theinbufarray is declared with size 3, yet it is indexed with indexes 0 thru 3, which is a buffer overflow. Curiously, theoutbufarray is declared with size 4, yet is indexed with indexes 0 thru 2. Perhaps their sizes are switched.The text was updated successfully, but these errors were encountered: