Re: [exim-dev] [Bug 2235] New: CVE-2018-6789

Author: Jakob Hirsch
Date:  
To: exim-dev
Subject: Re: [exim-dev] [Bug 2235] New: CVE-2018-6789
Hi,

> + int l = Ustrlen(code);
> + *ptr = result = store_get(1 + l/4 * 3 + l%4);
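Review bot: the sizing line deserves a comment deriving the bound, since the allocation size is exactly what this fix is about: `l/4 * 3` covers the complete quartets, `l%4` (0 to 3) covers the at most two bytes a trailing quartet of 2 or 3 characters can produce (with one byte to spare when `l%4` is 3), and the leading `1` is the terminating NUL. A remainder of 1 character cannot yield a byte, so the decoder should reject it rather than silently rely on the spare byte. Also, `int l = Ustrlen(code);` stores a string length in a signed `int`; a `size_t` would avoid mixing signed and unsigned in the size arithmetic that follows.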


An easier (or at least shorter) fix would have been

uschar *result = store_get((Ustrlen(code)+1)*3/4 + 1);

Anyway, I wonder why we need two base64 decoding functions. Sure, they
serve different purposes, but the inner parts mostly do the same (apart
from error handling). Shouldn't we consolidate this? This surely would
require some rework (e.g. the state needs to be saved between b64decode
calls for robust mime decoding), but I guess it's worth the time to have
cleaner code.
I would surely prefer the decoding loop from mime_decode_base64 over the
one in b64encode, not only because it's much shorter (20 lines vs. 50)
and very much easier to read (I highly doubt the claims of b64encode
"written out in a straightforward way" and "compact loop is messy").
Note that I might be a little biased here, as most of mime_decode_base64
was written by me :)

Any objections?
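The two points raised in this reply, the output-buffer bound and a single resumable decoding loop that could serve both the one-shot and the MIME use, as an added example in plain C. This is not Exim's code and not the patch under discussion: it uses `size_t`/`strlen`/`malloc` in place of Exim's `uschar`, `Ustrlen` and `store_get`, the consolidated `b64_state` decoder is a hypothetical design, and the MIME lines in `b64_mime_demo` are constructed sample input. It also shows, by enumeration, that the patch's bound `1 + l/4*3 + l%4` and the shorter `(l+1)*3/4 + 1` proposed here are in fact equal for every length.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>   /* ssize_t */

/* Bound from the patch: 3 bytes per full quartet, l%4 (at most 3) for the
 * trailing partial quartet, plus 1 for the NUL. size_t instead of Exim's int. */
size_t b64_decoded_bound(size_t l) { return 1 + l / 4 * 3 + l % 4; }

/* The shorter bound proposed in the reply. */
size_t b64_decoded_bound_alt(size_t l) { return (l + 1) * 3 / 4 + 1; }

/* Largest number of bytes l base64 characters can decode to, plus the NUL:
 * a remainder of 2 or 3 characters yields 1 or 2 bytes, a remainder of 1
 * yields nothing (it is invalid). Used only to check the bounds. */
size_t b64_max_decoded_plus_nul(size_t l)
{
    return l / 4 * 3 + (l % 4 >= 2 ? l % 4 - 1 : 0) + 1;
}

/* 1 if, for every length up to maxlen, both bounds are sufficient and equal. */
int b64_bounds_agree(size_t maxlen)
{
    for (size_t l = 0; l <= maxlen; l++) {
        if (b64_decoded_bound(l) < b64_max_decoded_plus_nul(l)) return 0;
        if (b64_decoded_bound_alt(l) != b64_decoded_bound(l)) return 0;
    }
    return 1;
}

/* Hypothetical consolidated decoder: state survives between calls so one
 * loop serves one-shot decoding and line-wrapped MIME bodies alike. */
typedef struct {
    unsigned acc;    /* pending bits */
    int nbits;       /* how many of them are valid: 0, 2, 4 or 6 */
    int finished;    /* '=' seen: only whitespace or padding may follow */
} b64_state;

void b64_state_init(b64_state *st) { st->acc = 0; st->nbits = 0; st->finished = 0; }

static int b64_value(int c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode len characters into out (capacity outcap), skipping whitespace.
 * Returns bytes written, or -1 on a bad character, data after '=', or a
 * full buffer: the capacity is checked on every write, never assumed. */
ssize_t b64_decode_chunk(b64_state *st, const unsigned char *in, size_t len,
                         unsigned char *out, size_t outcap)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        int c = in[i], v;
        if (c == ' ' || c == '\t' || c == '\r' || c == '\n') continue;
        if (c == '=') { st->finished = 1; continue; }
        if (st->finished || (v = b64_value(c)) < 0) return -1;
        st->acc = (st->acc << 6) | (unsigned)v;
        st->nbits += 6;
        if (st->nbits >= 8) {
            st->nbits -= 8;
            if (n >= outcap) return -1;
            out[n++] = (unsigned char)(st->acc >> st->nbits);
            st->acc &= (1u << st->nbits) - 1;   /* keep only the leftover bits */
        }
    }
    return (ssize_t)n;
}

/* Decode data supplied as one or more pieces into a malloc'd, NUL-terminated
 * buffer sized with b64_decoded_bound. Returns the decoded length, or -1
 * (with *out = NULL) on error, including a dangling single character. */
ssize_t b64_decode_lines(const char *const *lines, size_t nlines, unsigned char **out)
{
    size_t l = 0, total = 0;
    b64_state st;
    for (size_t i = 0; i < nlines; i++) l += strlen(lines[i]);
    size_t cap = b64_decoded_bound(l);
    unsigned char *buf = malloc(cap);
    *out = NULL;
    if (!buf) return -1;
    b64_state_init(&st);
    for (size_t i = 0; i < nlines; i++) {
        ssize_t n = b64_decode_chunk(&st, (const unsigned char *)lines[i],
                                     strlen(lines[i]), buf + total, cap - 1 - total);
        if (n < 0) { free(buf); return -1; }
        total += (size_t)n;
    }
    if (st.nbits == 6) { free(buf); return -1; }   /* l%4 == 1: invalid */
    buf[total] = '\0';
    *out = buf;
    return (ssize_t)total;
}

/* Convenience: decode one string and compare with the expected bytes. */
int b64_decodes_to(const char *code, const char *expected)
{
    unsigned char *o;
    ssize_t n = b64_decode_lines(&code, 1, &o);
    int ok = n >= 0 && (size_t)n == strlen(expected) && memcmp(o, expected, (size_t)n) == 0;
    free(o);
    return ok;
}

/* Constructed sample: a MIME body wrapped so that a quartet straddles two lines. */
int b64_mime_demo(void)
{
    const char *lines[] = { "Zm9vYm\r\n", "FyYmF6\r\n" };
    unsigned char *o;
    ssize_t n = b64_decode_lines(lines, 2, &o);
    int ok = n == 9 && memcmp(o, "foobarbaz", 9) == 0;
    free(o);
    return ok;
}

int main(void)
{
    printf("bounds agree: %d, unpadded: %d, padded: %d, dangling rejected: %d, mime: %d\n",
           b64_bounds_agree(4096), b64_decodes_to("Zm9vYmE", "fooba"),
           b64_decodes_to("Zm9vYmE=", "fooba"), !b64_decodes_to("Z", ""), b64_mime_demo());
    return 0;
}
```

The bit-accumulator loop is the short form favoured in the reply; the state struct is what makes it reusable across MIME lines, and every write goes through the explicit `outcap` check so that a wrong bound would surface as a decode error rather than a heap write past the buffer.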