[Pkg-privacy-commits] [libotr] 80/225: Use ceil instead of floor to compute the size of the data buffer.
Ximin Luo
infinity0 at moszumanska.debian.org
Sat Aug 22 12:44:59 UTC 2015
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch master
in repository libotr.
commit aa8cf9d5e860691943f3fc02ad11432b56c7ae1f
Author: Ian Goldberg <iang at cs.uwaterloo.ca>
Date: Tue Jul 17 13:25:44 2012 -0400
Use ceil instead of floor to compute the size of the data buffer.
This prevents a one-byte heap buffer overflow. Thanks to Justin
Ferguson <jnferguson at gmail.com> for the report.
---
ChangeLog | 7 +++++++
src/b64.c | 2 +-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index f12ce68..7f6e9ed 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2012-07-17
+
+ * src/b64.c: Use ceil instead of floor to compute the size
+ of the data buffer. This prevents a one-byte heap buffer
+ overflow. Thanks to Justin Ferguson <jnferguson at gmail.com>
+ for the report.
+
2012-06-21
* src/context.c: A couple bug fixes.
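Review bot: The new ChangeLog entry identifies the file but not the function, so a reader triaging this heap overflow has to open the diff to see that it is in otrl_base64_otr_decode (the function named in the src/b64.c hunk header). Suggest writing the entry as "* src/b64.c (otrl_base64_otr_decode): Use ceil instead of floor ..." so that packagers can match the fix to the affected code path directly.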
diff --git a/src/b64.c b/src/b64.c
index 8ea2e52..9ed3feb 100644
--- a/src/b64.c
+++ b/src/b64.c
@@ -237,7 +237,7 @@ int otrl_base64_otr_decode(const char *msg, unsigned char **bufp,
}
/* Base64-decode the message */
- rawlen = ((msglen-5) / 4) * 3; /* maximum possible */
+ rawlen = ((msglen-5+3) / 4) * 3; /* maximum possible */
rawmsg = malloc(rawlen);
if (!rawmsg && rawlen > 0) {
return -1;
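Review bot: On the changed rawlen line, the round-up is written as a bare "+3" while the comment still reads only "maximum possible", so nothing in the code records why ceil is required or what the 5 stands for. Suggest a comment saying that the character count after the 5 subtracted bytes is rounded up to whole 4-character groups, because sizing with floor left the buffer one byte short (per the commit message), so that a later cleanup does not simplify the expression back. The hunk also does not show a guarantee that msglen is at least 5 before "msglen-5+3" is evaluated; if msglen is an unsigned type and that check is not made earlier in the function, the subtraction would wrap and the size passed to malloc would be wrong, so it is worth confirming, or adding an explicit guard just above this line.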
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/libotr.git