[Pkg-privacy-commits] [libotr] 01/06: Use ceil instead of floor to compute the size of the data buffer.

[Ximin Luo]

This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to tag release_3_2_1
in repository libotr.

commit b17232f86f8e60d0d22caf9a2400494d3c77da58
Author: Ian Goldberg <iang at cs.uwaterloo.ca>
Date:   Tue Jul 17 13:25:44 2012 -0400

    Use ceil instead of floor to compute the size of the data buffer.
    
    This prevents a one-byte heap buffer overflow.  Thanks to Justin
    Ferguson <jnferguson at gmail.com> for the report.
---
 ChangeLog | 7 +++++++
 src/b64.c | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index a919221..a2d1f55 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2012-07-17
+
+	* src/b64.c: Use ceil instead of floor to compute the size
+	of the data buffer.  This prevents a one-byte heap buffer
+	overflow.  Thanks to Justin Ferguson <jnferguson at gmail.com>
+	for the report.
+
 2008-06-15:
 
 	* README: Release version 3.2.0.
diff --git a/src/b64.c b/src/b64.c
index b8736da..b949782 100644
--- a/src/b64.c
+++ b/src/b64.c
@@ -235,7 +235,7 @@ int otrl_base64_otr_decode(const char *msg, unsigned char **bufp,
     }
 
     /* Base64-decode the message */
-    rawlen = ((msglen-5) / 4) * 3;   /* maximum possible */
+    rawlen = ((msglen-5+3) / 4) * 3;   /* maximum possible */
     rawmsg = malloc(rawlen);
     if (!rawmsg && rawlen > 0) {
 	return -1;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/libotr.git