diff options
| author | Michael Paquier <michael@paquier.xyz> | 2019-07-04 16:08:09 +0900 |
|---|---|---|
| committer | Michael Paquier <michael@paquier.xyz> | 2019-07-04 16:08:09 +0900 |
| commit | cfc40d384ae51ea2886d599d2008ae57b529e6ea (patch) | |
| tree | 725bf1bb55c99ead091f16ff9ccfc542ef7a2855 /src/include/common/base64.h | |
| parent | d5ab9a891cb590aad4278026b2edda685f2524a2 (diff) | |
| download | postgresql-cfc40d384ae51ea2886d599d2008ae57b529e6ea.tar.gz postgresql-cfc40d384ae51ea2886d599d2008ae57b529e6ea.zip | |
Introduce safer encoding and decoding routines for base64.c
This is a follow-up refactoring after 09ec55b and b674211, which has
proved that the encoding and decoding routines used by SCRAM have a
poor interface when it comes to check after buffer overflows. This adds
an extra argument in the shape of the length of the result buffer for
each routine, which is used for overflow checks when encoding or
decoding an input string. The original idea comes from Tom Lane.
As a result of that, the encoding routine can now fail, so all its
callers are adjusted to generate proper error messages in case of
problems.
On failure, the result buffer gets zeroed.
Author: Michael Paquier
Reviewed-by: Daniel Gustafsson
Discussion: https://postgr.es/m/20190623132535.GB1628@paquier.xyz
Diffstat (limited to 'src/include/common/base64.h')
| -rw-r--r-- | src/include/common/base64.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/include/common/base64.h b/src/include/common/base64.h index 1bae5ec9664..c30b1734833 100644 --- a/src/include/common/base64.h +++ b/src/include/common/base64.h @@ -11,8 +11,8 @@ #define BASE64_H /* base 64 */ -extern int pg_b64_encode(const char *src, int len, char *dst); -extern int pg_b64_decode(const char *src, int len, char *dst); +extern int pg_b64_encode(const char *src, int len, char *dst, int dstlen); +extern int pg_b64_decode(const char *src, int len, char *dst, int dstlen); extern int pg_b64_enc_len(int srclen); extern int pg_b64_dec_len(int srclen); |