Re: base64.? going into rfc3548bis

[Ralf Wildenhues]

Hi Simon,

* Simon Josefsson wrote on Fri, Mar 24, 2006 at 12:06:31PM CET:
> FYI: The update of RFC 3548 will include lib/base64.?, so additional
> review of these two files would be appreciated.

If CHAR_BIT > 8, then an unsanitized array `in' as argument to
base64_encode could read past the bounds of b64str.  I believe
the patch below should fix this.  If you're worried about the
compiler not optimizing this away on systems with CHAR_BIT == 8
(which I have not checked), it would probably help to mask the
input with 0x7f here.

FWIW, I have not done a thorough review.

Cheers,
Ralf

        * lib/base64.c (base64_encode): Do not read past end of
        array with unsanitized input on systems with CHAR_BIT > 8.

Index: lib/base64.c
===================================================================
RCS file: /cvsroot/gnulib/gnulib/lib/base64.c,v
retrieving revision 1.6
diff -u -r1.6 base64.c
--- lib/base64.c        12 Jan 2006 08:59:35 -0000      1.6
+++ lib/base64.c        24 Mar 2006 12:17:42 -0000
@@ -73,7 +73,7 @@
 
   while (inlen && outlen)
     {
-      *out++ = b64str[to_uchar (in[0]) >> 2];
+      *out++ = b64str[(to_uchar (in[0]) >> 2) & 0x3f];
       if (!--outlen)
        break;
       *out++ = b64str[((to_uchar (in[0]) << 4)