scsi: pvscsi: check command descriptor ring buffer size (CVE-2016-4952)
[qemu.git] / util / base64.c
1 /*
2 * QEMU base64 helpers
3 *
4 * Copyright (c) 2015 Red Hat, Inc.
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 *
19 */
20
21 #include "qemu/osdep.h"
22 #include "qapi/error.h"
23 #include "qemu/base64.h"
24
25 static const char *base64_valid_chars =
26 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=\n";
27
28 uint8_t *qbase64_decode(const char *input,
29 size_t in_len,
30 size_t *out_len,
31 Error **errp)
32 {
33 *out_len = 0;
34
35 if (in_len != -1) {
36 /* Lack of NUL terminator is an error */
37 if (input[in_len] != '\0') {
38 error_setg(errp, "Base64 data is not NUL terminated");
39 return NULL;
40 }
41 /* Check there's no NULs embedded since we expect
42 * this to be valid base64 data */
43 if (memchr(input, '\0', in_len) != NULL) {
44 error_setg(errp, "Base64 data contains embedded NUL characters");
45 return NULL;
46 }
47
48 /* Now we know its a valid nul terminated string
49 * strspn is safe to use... */
50 } else {
51 in_len = strlen(input);
52 }
53
54 if (strspn(input, base64_valid_chars) != in_len) {
55 error_setg(errp, "Base64 data contains invalid characters");
56 return NULL;
57 }
58
59 return g_base64_decode(input, out_len);
60 }