Fix mbedtls_base64_decode() accepting invalid inputs with 4n+1 digits
The last digit was ignored.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/library/base64.c b/library/base64.c
index 9677dee..bff9123 100644
--- a/library/base64.c
+++ b/library/base64.c
@@ -183,6 +183,12 @@
n++;
}
+ /* In valid base64, the number of digits is always of the form
+ * 4n, 4n+2 or 4n+3. */
+ if ((n - equals) % 4 == 1) {
+ return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
+ }
+
if (n == 0) {
*olen = 0;
return 0;