Check `sizeof(base64_dec_tab)` in base64 encoding; fix #3947

The issue (and the fix) reported by https://hackerone.com/aerodudrizzt

Check `sizeof(base64_dec_tab)` in base64 encoding; fix #3947
The issue (and the fix) reported by https://hackerone.com/aerodudrizzt
ef1a0e63 · Yukihiro "Matz" Matsumoto · 74837530 · ef1a0e63
Commit ef1a0e63 authored Feb 13, 2018 by Yukihiro "Matz" Matsumoto
Show whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

mrbgems/mruby-pack/src/pack.c mrbgems/mruby-pack/src/pack.c +1 -1

No files found.
--- a/mrbgems/mruby-pack/src/pack.c
+++ b/mrbgems/mruby-pack/src/pack.c
@@ -806,7 +806,7 @@ unpack_m(mrb_state *mrb, const void *src, int slen, mrb_value ary, unsigned int
 	  ch[i] = 0;
 	  padding++;
 	}
-      } while (ch[i] == PACK_BASE64_IGNORE);
+      } while (c >= sizeof(base64_dec_tab) || ch[i] == PACK_BASE64_IGNORE);
    }

    l = (ch[0] << 18) + (ch[1] << 12) + (ch[2] << 6) + ch[3];