evp: prevent underflow in base64 decoding

This patch resolves RT ticket #2608.

Thanks to Robert Dugal for originally spotting this, and to David
Ramos for noticing that the ball had been dropped.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>

diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index 28546a84bc2b61e4150af841d264a9d66386c52a..4654bdc61a64838353562a57ec85e14a623fdfa2 100644 (file)
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -324,6 +324,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
                                v=EVP_DecodeBlock(out,d,n);
                                n=0;
                                if (v < 0) { rv=0; goto end; }
+                               if (eof > v) { rv=-1; goto end; }
                                ret+=(v-eof);
                                }
                        else