modp_b64: Handle overflow in Base64Encode
Cherry-pick the changes from crrev.com/c/3909830.
libchrome will be using the macro MODP_B64_MAX_INPUT_LEN for the r1050872
uprev.
BUG=None
TEST=emerge modp_b64 libchrome (r1050872)
Change-Id: I76e221a3c1b3be0c5d0bf3c237716e3f4170af50
Reviewed-on: https://chromium-review.googlesource.com/c/aosp/platform/external/modp_b64/+/3979129
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Auto-Submit: Grace Cham <hscham@chromium.org>
Tested-by: Grace Cham <hscham@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
diff --git a/modp_b64/modp_b64.h b/modp_b64/modp_b64.h
index 3270e5f..0a2669d 100644
--- a/modp_b64/modp_b64.h
+++ b/modp_b64/modp_b64.h
@@ -24,6 +24,7 @@
#ifndef MODP_B64
#define MODP_B64
+#include <limits.h>
#include <stddef.h>
#ifdef __cplusplus
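Review bot: The added `#include <limits.h>` is not the header ISO C specifies for `SIZE_MAX`, which the new `MODP_B64_MAX_INPUT_LEN` macro later in this patch expands to; C99 places `SIZE_MAX` in `<stdint.h>`. Whether `<limits.h>` also provides it depends on the libc, so a consumer that includes only this header may hit an undeclared identifier at the first use of the macro. I would add `#include <stdint.h>` next to it; keeping `<limits.h>` as well is harmless.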
@@ -81,6 +82,19 @@
size_t modp_b64_decode(char* dest, const char* src, size_t len);
/**
+ * The maximum input that can be passed into modp_b64_encode. Lengths beyond
+ * this will overflow modp_b64_encode_len.
+ *
+ * This works because modp_b64_encode_len(A) computes:
+ * ceiling[max_len / 3] * 4 + 1
+ * = ceiling[floor[(SIZE_MAX-1)/4]*3 / 3] * 4 + 1
+ * = floor[(SIZE_MAX-1)/4] * 4 + 1
+ * <= SIZE_MAX-1 + 1
+ * = SIZE_MAX
+ */
+#define MODP_B64_MAX_INPUT_LEN ((SIZE_MAX - 1) / 4 * 3)
+
+/**
* Given a source string of length len, this returns the amount of
* memory the destination string should have.
*
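Review bot: The derivation in the new comment uses `max_len` without defining it and opens with `modp_b64_encode_len(A) computes:`, so a reader has to guess that the bound is being substituted for A. I would write the opening line as `With A = MODP_B64_MAX_INPUT_LEN (max_len below), modp_b64_encode_len(A) computes:`. The proof also covers only the final product, while the macro evaluates `(A+2)` first; a line such as `A + 2 cannot wrap either, since max_len <= SIZE_MAX / 4 * 3` would close that gap. The doc comment for modp_b64_encode_len that begins at the end of this hunk continues outside it.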
@@ -89,6 +103,9 @@
* ceiling[len / 3] * 4 + 1
*
* +1 is for any extra null.
+ *
+ * WARNING: This expression will overflow if the A is above
+ * MODP_B64_MAX_INPUT_LEN. The caller must check this bound first.
*/
#define modp_b64_encode_len(A) ((A+2)/3 * 4 + 1)
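Review bot: The added WARNING does not say what the overflow produces, which is the part a caller needs: the expression wraps silently to a small value, so a destination buffer sized from it would be shorter than the encoded output. I would reword it to `WARNING: If A is above MODP_B64_MAX_INPUT_LEN this expression wraps to a too-small length; the caller must reject such lengths before sizing a buffer.` (this also drops the stray "the" in "if the A"). Nothing visible in this patch enforces the bound inside the library, so, assuming modp_b64_encode does not check it itself, the same precondition belongs in that function's doc comment as well. Separately, the unchanged macro body expands `A+2` without parentheses; `((A) + 2)` would be safer for expression arguments.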