NetBSD Problem Report #47237

From www@NetBSD.org  Thu Nov 22 20:00:08 2012
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	by www.NetBSD.org (Postfix) with ESMTP id E380563E573
	for <gnats-bugs@gnats.NetBSD.org>; Thu, 22 Nov 2012 20:00:07 +0000 (UTC)
Message-Id: <20121122200006.D29D763E573@www.NetBSD.org>
Date: Thu, 22 Nov 2012 20:00:06 +0000 (UTC)
From: sdaoden@gmail.com
Reply-To: sdaoden@gmail.com
To: gnats-bugs@NetBSD.org
Subject: mailx(1): Base64 decoder ignores some illegal input
X-Send-Pr-Version: www-1.0

>Number:         47237
>Category:       bin
>Synopsis:       mailx(1): Base64 decoder ignores some illegal input
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Nov 22 20:05:00 +0000 2012
>Closed-Date:    Tue Dec 11 16:17:34 +0000 2012
>Last-Modified:  Tue Dec 11 16:17:34 +0000 2012
>Originator:     Steffen Nurpmeso
>Release:        mailx(1): mime_codecs.c, v1.9
>Organization:
>Environment:
NetBSD 6.0 (GENERIC) i386
>Description:
The Base64 decoder (i've just replaced the entire layer of my stepchild and took your implementation as a base -- thanks!) won't detect illegal input that is padded with more than two == PAD characters.
E.g., if the last characters are [=]=== then this is not detected, since *a* and *b* are not tested for the special EQU value, but only for the also special BAD.
I have no real idea of NetBSD Mail(1), but once i've implanted that code into my stepchild i saw an ugly letter-replacement on my UTF-8 terminal (i.e. the Base64 output is directly passed through iconv(3) and then ends on the terminal).
>How-To-Repeat:
Force a Base64 defect so that more than two EQU pad characters (=) occur.
>Fix:
Diff based on mime_codecs.c,v 1.9 (the X-less git(1) clone is not around).
(And easier would be "a > 64 || b > 64 ||...", but that renders EQU/BAD somewhat doomed.)

--- mime_codecs.c.orig	2012-11-20 12:35:08.000000000 +0100
+++ mime_codecs.c	2012-11-20 12:36:24.000000000 +0100
@@ -237,6 +237,10 @@ mime_b64tobin(char *bin, const char *b64
 		unsigned c = uchar64(q[2]);
 		unsigned d = uchar64(q[3]);

+		if (a == BAD || a == EQU || b == BAD || b == EQU ||
+				c == BAD || d == BAD)
+			return -1;
+
 		*p++ = ((a << 2) | ((b & 0x30) >> 4));
 		if (c == EQU)	{ /* got '=' */
 			if (d != EQU)
@@ -248,9 +252,6 @@ mime_b64tobin(char *bin, const char *b64
 			break;
 		}
 		*p++ = (((c & 0x03) << 6) | d);
-
-		if (a == BAD || b == BAD || c == BAD || d == BAD)
-			return -1;
 	}

 #undef uchar64

>Release-Note:

>Audit-Trail:
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/47237 CVS commit: src/usr.bin/mail
Date: Sat, 24 Nov 2012 16:40:02 -0500

 Module Name:	src
 Committed By:	christos
 Date:		Sat Nov 24 21:40:02 UTC 2012

 Modified Files:
 	src/usr.bin/mail: mime_codecs.c

 Log Message:
 PR/47237: Steffen Nurpmeso: Detect more than 2 pad characters and mark as bad.


 To generate a diff of this commit:
 cvs rdiff -u -r1.9 -r1.10 src/usr.bin/mail/mime_codecs.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Tue, 11 Dec 2012 16:17:34 +0000
State-Changed-Why:
christos fixed it
thanks for the patch.


>Unformatted:

Home	PR Database Search