From owner-freebsd-hackers@FreeBSD.ORG  Sat Nov 22 22:15:46 2014
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id C91A5626
 for <freebsd-hackers@freebsd.org>; Sat, 22 Nov 2014 22:15:46 +0000 (UTC)
Received: from ox.tedunangst.com (ox.tedunangst.com [208.82.130.146])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 65030B88
 for <freebsd-hackers@freebsd.org>; Sat, 22 Nov 2014 22:15:45 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1]);
 by ox.tedunangst.com (OpenSMTPD) with ESMTP id 5e290dae;
 for <freebsd-hackers@freebsd.org>;
 Sat, 22 Nov 2014 17:09:23 -0500 (EST)
Date: Sat, 22 Nov 2014 17:09:04 -0500
From: Ted Unangst <tedu@tedunangst.com>
To: freebsd-hackers@freebsd.org
Message-ID: <6a4308e3ce1d4835be5caef3f96b0c50@tedunangst.com>
Subject: fix base64.c "overrun"
Mime-Version: 1.0
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Sat, 22 Nov 2014 23:18:31 +0000
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Nov 2014 22:15:46 -0000

>From inspection, it appears FreeBSD's libc base64.c will sometimes
erroneously fail to decode a base64 string into a precisely sized
buffer. The overflow check is a little too greedy. The same bug was
fixed in OpenBSD; it would be helpful if FreeBSD adopted the fix as
well. :)

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/net/base64.c.diff?r1=1.6&r2=1.7