Fix BIO_printf format warnings

[oweals/openssl.git] / crypto / ct / ct_b64.c

diff --git a/crypto/ct/ct_b64.c b/crypto/ct/ct_b64.c
index f0bf3aff29d2686d2e0945149b85c35baa072e96..cacec2fd8a54d4ff71c46a270d29347b9c28b1f7 100644 (file)
--- a/crypto/ct/ct_b64.c
+++ b/crypto/ct/ct_b64.c
@@ -1,7 +1,7 @@
 /*
  * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
@@ -24,7 +24,7 @@
 static int ct_base64_decode(const char *in, unsigned char **out)
 {
     size_t inlen = strlen(in);
-    int outlen;
+    int outlen, i;
     unsigned char *outbuf = NULL;
 
     if (inlen == 0) {
@@ -45,9 +45,12 @@ static int ct_base64_decode(const char *in, unsigned char **out)
         goto err;
     }
 
-    /* Subtract padding bytes from |outlen| */
+    /* Subtract padding bytes from |outlen|.  Any more than 2 is malformed. */
+    i = 0;
     while (in[--inlen] == '=') {
         --outlen;
+        if (++i > 2)
+            goto err;
     }
 
     *out = outbuf;
@@ -132,7 +135,7 @@ SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
 int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, const char *name)
 {
     unsigned char *pkey_der = NULL;
-    int pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der);
+    int pkey_der_len;
     const unsigned char *p;
     EVP_PKEY *pkey = NULL;
 
@@ -141,7 +144,8 @@ int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, const char *n
         return 0;
     }
 
-    if (pkey_der_len <= 0) {
+    pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der);
+    if (pkey_der_len < 0) {
         CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
         return 0;
     }