evp: prevent underflow in base64 decoding

This patch resolves RT ticket #2608.

Thanks to Robert Dugal for originally spotting this, and to David
Ramos for noticing that the ball had been dropped.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>

diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index e278a1b5d400fd95ce6fd09f51f7af1666acc0a0..a4f7674d9dac89797d6ce9507c596360211de400 100644 (file)
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -324,6 +324,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
                                v=EVP_DecodeBlock(out,d,n);
                                n=0;
                                if (v < 0) { rv=0; goto end; }
+                               if (eof > v) { rv=-1; goto end; }
                                ret+=(v-eof);
                                }
                        else