[tor/master] When decoding a base-{16, 32, 64} value, clear the target buffer first - tor-commits

22 Dec 2014

commit 47760c7ba5f1c87c945f4a018e3b3da6d127a8b9
Author: Nick Mathewson nickm@torproject.org
Date:   Mon Dec 22 12:56:35 2014 -0500
When decoding a base-{16,32,64} value, clear the target buffer first
This is a good idea in case the caller stupidly doesn't check the
    return value from baseX_decode(), and as a workaround for the
    current inconsistent API of base16_decode.
Prevents any fallout from bug 14013.
---
 src/common/crypto.c |    6 ++++++
 src/common/util.c   |    3 +++
 2 files changed, 9 insertions(+)

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 925beb3..6327614 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2678,6 +2678,8 @@ base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
   if (destlen > SIZE_T_CEILING)
     return -1;
+  memset(dest, 0, destlen);
+
   EVP_DecodeInit(&ctx);
   EVP_DecodeUpdate(&ctx, (unsigned char*)dest, &len,
                    (unsigned char*)src, srclen);
@@ -2699,6 +2701,8 @@ base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
   if (destlen > SIZE_T_CEILING)
     return -1;
+  memset(dest, 0, destlen);
+
   /* Iterate over all the bytes in src.  Each one will add 0 or 6 bits to the
    * value we're decoding.  Accumulate bits in <b>n</b>, and whenever we have
    * 24 bits, batch them into 3 bytes and flush those bytes to dest.
@@ -2878,6 +2882,8 @@ base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
   tor_assert((nbits/8) <= destlen); /* We need enough space. */
   tor_assert(destlen < SIZE_T_CEILING);
+  memset(dest, 0, destlen);
+
   /* Convert base32 encoded chars to the 5-bit values that they represent. */
   tmp = tor_malloc_zero(srclen);
   for (j = 0; j < srclen; ++j) {
diff --git a/src/common/util.c b/src/common/util.c
index 5eb0f9a..036fd25 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1076,6 +1076,9 @@ base16_decode(char *dest, size_t destlen, const char *src, size_t srclen)
     return -1;
   if (destlen < srclen/2 || destlen > SIZE_T_CEILING)
     return -1;
+
+  memset(dest, 0, destlen);
+
   end = src+srclen;
   while (src<end) {
     v1 = hex_decode_digit_(*src);

    