evp: prevent underflow in base64 decoding

This patch resolves RT ticket #2608.

Thanks to Robert Dugal for originally spotting this, and to David
Ramos for noticing that the ball had been dropped.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>

diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index e8a521814a5ccfbc00efb0127d97e85629386465..69f7ccad69a697956e5238f84e05fea8cee2206b 100644 (file)
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -324,6 +324,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
                                v=EVP_DecodeBlock(out,d,n);
                                n=0;
                                if (v < 0) { rv=0; goto end; }
+                               if (eof > v) { rv=-1; goto end; }
                                ret+=(v-eof);
                                }
                        else