From 7680669c331de9c80494a104302822b8bc109c61 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Lutz=20J=C3=A4nicke?= <jaenicke@openssl.org>
Date: Mon, 15 Apr 2002 09:51:10 +0000
Subject: [PATCH] Fix CRLF problem in BASE64 decode.

---
 CHANGES             | 8 ++++++++
 crypto/evp/encode.c | 7 +++++++
 2 files changed, 15 insertions(+)

diff --git a/CHANGES b/CHANGES
index 4ddaa48002..5a0e1ec76b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,14 @@
 
  Changes between 0.9.6c and 0.9.6d  [XX xxx XXXX]
 
+  *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines:
+     an end-of-file condition would erronously be flagged, when the CRLF
+     was just at the end of a processed block. The bug was discovered when
+     processing data through a buffering memory BIO handing the data to a
+     BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov
+     <ptsekov@syntrex.com> and Nedelcho Stanev.
+     [Lutz Jaenicke]
+
   *) Implement a countermeasure against a vulnerability recently found
      in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
      before application data chunks to avoid the use of known IVs
diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index 6ff9c1783c..12c6379df1 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -277,6 +277,13 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 			eof++;
 			}
 
+		if (v == B64_CR)
+			{
+			ln = 0;
+			if (exp_nl)
+				continue;
+			}
+
 		/* eoln */
 		if (v == B64_EOLN)
 			{
-- 
2.25.1